Back to Blog

BlockSec Completed Security Audit for Neo X

Code Auditing
August 1, 2024

In today's rapidly evolving blockchain landscape, numerous blockchain networks are emerging. For projects and users alike, the security of these networks is crucial for safe deployment and on-chain interactions, making security audits essential in ensuring blockchain safety.

We are thrilled to announce that BlockSec has completed the security audit for Neo X, an EVM-compatible sidechain of Neo, with the ability to eliminate toxic MEVs. We provided a comprehensive security audit through our systematic and business logic-focused methodology, establishing a robust first line of defense for the Neo X ecosystem.

You can review the audit report here.

Introducing Neo X: A Brief Overview

Neo X is an EVM-compatible sidechain incorporating Neo's distinctive Delegated Byzantine Fault Tolerance (dBFT) consensus mechanism. Its launch marks a significant step forward for Neo since the upgrade from Neo Legacy to Neo N3.

Serving as a bridge between Neo N3 and the widely used EVM network, Neo X will play a crucial role in expanding the Neo ecosystem and offering developers more opportunities for innovation. As described in the design document, the dBFT protocol requires more than half (i.e., 1/2 instead of 2/3) as the consensus threshold for voting. This means that 4 validators are sufficient to achieve consensus since the top 7 candidates will be selected for each epoch.

BlockSec's Audit for Neo X

The audit specifically focuses on the security of the Neo X node, a Golang implementation based on the Ethereum protocol execution layer. The audit scope covers the discrepancies between the original Geth implementation and the forked parts.

In summary, we have identified several issues of varying risk levels that require attention. The Neo team has promptly responded to and resolved these issues, ensuring that the Neo X network meets high security standards and providing a solid foundation for its future growth.

About BlockSec

BlockSec ensures the security of blockchain ecosystems throughout their entire lifecycle.

We offer comprehensive EVM chain audit services to ensure robust security at the pre-launch stage. Leveraging our cutting-edge research capabilities and systematic auditing methodology, we have excelled in blockchain auditing. Our expertise is evidenced by multiple presentations of blockchain security papers at prestigious conferences and numerous reports of zero-day attacks.

Our attack monitoring and blocking platform, Phalcon, ensures blockchain security at the post-launch stage. Phalcon empowers projects of the supported chains to detect suspicious transactions, receive instant alerts, and automatically block hacks. Additionally, Phalcon includes a support tool that enhances the user experience: Phalcon Explorer, a transaction visualization tool that helps users easily view and analyze suspicious transactions.

Our esteemed blockchain clients include Neo X, Manta, Merlin, Polygon zkEVM, XAI, EOS Network Foundation, Kava, NEAR Foundation, Evmos, Aurora, and others.

Schedule a comprehensive security audit for your project here.

Book a quick demo of Phalcon here.

Sign up for the latest updates
~$800K Lost: Hinkal Double-Spend | BlockSec Weekly
Security Insights

~$800K Lost: Hinkal Double-Spend | BlockSec Weekly

This weekly security report covers 1 notable incident from June 29 to July 5, 2026, with approximately $800K in total losses on Ethereum. The Hinkal shielded-pool protocol was drained through a double-spend attack that likely exploited a flaw in the legacy note format, allowing the attacker to derive multiple nullifiers from a single deposit. The report analyzes the probable circuit-level vulnerability, the attack flow, and broader implications for nullifier-based privacy protocols.

Newsletter - June 2026
Security Insights

Newsletter - June 2026

This monthly report covers the three largest security incidents in June 2026, totaling approximately $22M in confirmed losses. A sophisticated honeypot attack drained ~$15M from JaredFromSubway's MEV bot by exploiting unchecked token allowances. Two legacy Aztec rollup deployments lost ~$4.35M through proof-settlement boundary gaps. SecondFi's Ed25519 implementation flaw exposed wallet private keys, resulting in ~$2.4M drained from 374 wallets. All three incidents share a common pattern: security guarantees that appeared intact on the surface but were never actually enforced.

~$4.1M Lost: Taiko, SecondFi Exploits | BlockSec Weekly
Security Insights

~$4.1M Lost: Taiko, SecondFi Exploits | BlockSec Weekly

This weekly blockchain security report covers two notable incidents from June 22-28, 2026, with approximately $4.1M in confirmed losses across Ethereum and Cardano. The Taiko bridge exploit combined an exposed SGX enclave signing key with an incomplete attestation policy that failed to reject debug enclaves, allowing the attacker to register a malicious prover and forge L2 state proofs on Ethereum. The SecondFi wallet vulnerability stemmed from a cryptographic implementation flaw in Ed25519 nonce derivation that removed the secret input, enabling offline private key recovery from public Cardano transaction data.

Best Security Auditor for Web3

Validate design, code, and business logic before launch. Aligned with the highest industry security standards.

BlockSec Audit