Discovery Trending Launches KYC Verified Watchlist Risk Alerts
Token Minter AI Threat Detection Token Burner
Blog & News Docs Visit SolidProof.io

QUBIT Info

qbit.technology

QBIT opens the gate to a permissionless network where entangled logic replaces computation, and circuits execute in the raw fabric of the quantum field. At its core: a decentralized network of quantum machines, programmable by code, powered by QBIT, and optimized for a world where entropy is a resource, not a bug.

QUBIT Logo
Onboarded date 14/07/2025

Team and KYC Verification

The team has securely submitted their personal information to SolidProof.io for verification.

In the event of any fraudulent activities, this information will be promptly reported to the relevant authorities to ensure accountability and compliance.

TrustNet Score

The TrustNet Score evaluates crypto projects based on audit results, security, KYC verification, and social media presence. This score offers a quick, transparent view of a project's credibility, helping users make informed decisions in the Web3 space.

78.54
Poor Excellent

Real-Time Threat Detection

Real-time threat detection, powered by Cyvers.io, is currently not activated for this project.

This advanced feature provides continuous monitoring and instant alerts to safeguard your assets from potential security threats. Real-time detection enhances your project's security by proactively identifying and mitigating risks. For more information, click here.

Security Assessments

"Static Analysis Dynamic Analysis Symbolic Execution SWC Check Manual Review"
Contract address
N/A
Network N/A
License N/A
Compiler N/A
Type N/A
Language JavaScript / TypeScript
Onboard date 2025/07/14
Revision date 2025/07/15

Summary and Final Words

No crucial issues found

The contract does not contain issues of high or medium criticality. This means that no known vulnerabilities were found in the source code.

Scope of Work

This audit encompasses the evaluation of the QBIT Quantum Wallet Generator codebase as provided at the start of this engagement. The assessment was conducted on the complete project structure, including frontend components, backend API routes, and configuration files.

The auditing process consists of the following systematic steps:

  1. Architecture and Specification Review: Analyze the project's documentation, dependencies (package.json), configuration (next.config.mjs), and application entry points to understand the overall architecture, scope, and intended functionality.
  2. Static Code Analysis: Conduct a thorough review of the source code using a combination of semantic search, pattern matching, and targeted file examination to identify potential security vulnerabilities, logic flaws, and design pattern violations.
  3. Functionality and Security Alignment: Ensure that feature implementations (e.g., wallet generation, token swapping) align with their stated security goals and that function-level logic is correct across various execution paths.
  4. Test Coverage Assessment: Evaluate the codebase for the presence and adequacy of automated tests (unit, integration) to identify critical logic paths that are not covered.
  5. Vulnerability Pattern Identification: Analyze the codebase for common web application vulnerabilities, including but not limited to hardcoded secrets, insufficient input validation, insecure dependency management, cross-site scripting (XSS) vectors, and information disclosure through error handling.
  6. Best Practices Evaluation: Assess the codebase against established industry best practices for secure web application development, including Next.js security guidelines and general OWASP principles.
  7. Actionable Recommendations: Provide a detailed, specific, and actionable report of all findings, including their potential impact and clear steps for remediation and optimization.

This audit reflects the state of the codebase at a specific point in time. Any modifications made to the code after this review may introduce new conditions or vulnerabilities that were not within the scope of this assessment.

Final Words

The following provides a concise summary of the audit report, accompanied by insightful comments from the auditor. This overview captures the key findings and observations, offering valuable context and clarity.

This security re-audit of the QBIT Quantum Wallet Generator confirms significant improvements in the application's security posture since the previous assessment. The development team has successfully addressed the majority of previously identified vulnerabilities, demonstrating a strong commitment to security best practices. The application now properly utilizes environment variables for secrets management, implements comprehensive input validation, and features robust rate limiting across all API endpoints.

Quantum Randomness Verification

This audit verified that the QBIT application successfully integrates real quantum randomness for its core wallet generation functionality. The system properly obtains cryptographically secure entropy derived directly from quantum phenomena, which is then used as the foundation for creating both EVM and Solana private keys. This quantum-sourced randomness provides superior security guarantees compared to traditional pseudorandom number generators, ensuring that generated wallets possess true cryptographic strength rooted in quantum mechanical processes.

The quantum entropy integration follows security best practices: API tokens are properly secured through environment variables, entropy is fetched server-side to prevent client-side manipulation, and the randomness is correctly applied in the cryptographic key derivation process. The application maintains the integrity of the quantum randomness throughout the wallet generation pipeline, from initial entropy acquisition through final private key creation.

While several medium-priority items remain for optimization (including dependency version pinning and build-time security checks), the core security foundation is now solid. The successful resolution of critical vulnerabilities, combined with the verified implementation of genuine quantum randomness, positions this application as a security-focused platform that delivers on its promise of quantum-enhanced cryptographic security.

Note: This report represents a follow-up static analysis of the provided TypeScript/JavaScript codebase, confirming remediation of previously identified issues. The quantum randomness verification was conducted through code review of the entropy acquisition and utilization pathways. Continued security monitoring and regular audits are recommended as the application evolves.

Files and details

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Functions
public

/

State variables
public

/

Total lines
of code

/

Capabilities
Hover on items

/

Findings and Audit result

Critical
High
2
Medium
1
Low
Optimization
Informational
high Issues | 2 findings

Resolved

#1 high Issue
Privacy Risk via Local Storage
components/quantum-wallet-generator.tsx
L193-195
Description

The application stores a history of which wallet addresses have generated new wallets in `localStorage`. This creates a privacy risk, as an XSS attack could harvest this data to deanonymize users of the wallet generation feature.

Comments

Avoid storing user-identifying information in `localStorage`. If necessary for functionality, use `sessionStorage`, which is cleared when the session ends, to reduce data persistence.

Resolved

#2 high Issue
Insufficient Input Validation
app/api/etherscan/proxy/route.ts
L7-8
Description

The Etherscan proxy API endpoint uses the `address` URL parameter to construct an external API request without validating its format. This could lead to errors, API abuse, and is a vector for injection attacks.

Comments

Validate and sanitize all user-controlled input on the server side. For Ethereum addresses, use a library function like `ethers.isAddress()` to ensure the format is correct before use.

medium Issues | 2 findings

Pending

#1 medium Issue
Disabled Build-Time Security Checks
next.config.mjs
L16-19
Description

The Next.js configuration is set to ignore TypeScript and ESLint errors during production builds. This allows code with potential bugs, type-safety issues, and security anti-patterns to be deployed, increasing the risk of runtime failures.

Comments

Remove `ignoreDuringBuilds: true` for both `eslint` and `typescript` in `next.config.mjs` to enforce code quality and type-safety checks at build time.

Pending

#2 medium Issue
Missing HTTP Security Headers
N/A
LN/A
Description

The application does not configure essential HTTP security headers. This leaves it more vulnerable to client-side attacks like cross-site scripting (XSS), clickjacking, and content sniffing.

Comments

Configure security headers within `next.config.mjs` to enforce a strict Content Security Policy (CSP), `X-Content-Type-Options`, and other protective measures.

low Issues | 2 findings

Resolved

#1 low Issue
Missing API Rate Limiting
N/A
LN/A
Description

The API endpoints lack rate limiting, exposing them to denial-of-service attacks. An attacker could spam the endpoints to exhaust API key quotas for services like Etherscan and Qrypt, incurring costs and blocking the service for legitimate users.

Comments

Implement rate limiting on all public-facing API routes, especially those that proxy to paid external services. This can be achieved using middleware in Next.js.

Pending

#2 low Issue
Unpinned Dependency Versions
package.json
L11-80
Description

The project's `package.json` uses the `latest` tag for several critical dependencies (e.g., `ethers`, `@solana/web3.js`). This practice introduces significant risk from uncontrolled updates, which can lead to breaking changes or supply-chain attacks.

Comments

Pin all dependencies to specific, audited versions. Use the existing `pnpm-lock.yaml` to enforce this and run `pnpm audit` regularly to find known vulnerabilities.

optimization Issues | 1 findings

Resolved

#1 optimization Issue
Hardcoded Configuration
lib/web3-config.ts
L8-10
Description

The Web3 configuration file (`lib/web3-config.ts`) contains hardcoded RPC URLs and placeholders for API keys. This complicates management and increases the risk of accidentally committing real secrets.

Comments

Centralize all external service URLs and API key placeholders into environment variables to simplify configuration across different environments (development, production).

informational Issues | 1 findings

Resolved

#1 informational Issue
Incomplete Authentication System
lib/auth.ts
L1-2
Description

The `lib/auth.ts` file is a placeholder, indicating a complete lack of a user authentication and session management system. This is an architectural gap that prevents features requiring a persistent user identity.

Comments

For future features requiring user-specific data, a proper authentication system (e.g., using JWTs or session cookies) should be designed and implemented.