
IPAL Network Security Assessment

Zealynx audited the IPAL Network knowledge marketplace, a decentralized protocol that mints NFT-gated time-limited access tokens to monetizable knowledge vaults with co-ownership and an upgradeable proxy architecture. The 7-day review identified 18 issues including 1 Critical (vault hijacking via missing access control on setSubscription) and 3 High severity (JSON injection in tokenURI, public setAccess bypass, duplicate subscription entries). 15 findings were fixed and 3 were acknowledged.

Hyperliquid · Solidity · Smart Contract Code Review · 2025-07-31 · Zealynx methodology

Total findings: 18 (15 fixed · 3 acknowledged)
Critical: 1 · High: 3 · Medium: 3 · Low + Info: 11
02 · Scope

6 files · 629 SLOC
Initial commit: 46672864c42f
Final commit: 80156f6ec201
Platform: Hyperliquid · Solidity
Methodology: Zealynx methodology
Files in scope:
  • KnowledgeMarket.sol
  • KnowledgeMarketV2.sol
  • ERC4908.sol
  • KnowledgeMarketProxy.sol
  • ProxyAdmin.sol
  • $IPAL token contract
03 · Findings

Severity · ID · Finding · Status
  • Critical · F-2025-0001 · Missing access control in setSubscription enables vault hijacking and revenue theft · Fixed
  • High · F-2025-0002 · Missing JSON sanitization in tokenURI enables metadata injection attacks · Fixed
  • High · F-2025-0003 · Public setAccess function bypasses business logic validation enabling direct vault manipulation · Fixed
  • High · F-2025-0004 · Missing duplicate prevention in setSubscription allows multiple subscriptions per vault · Fixed
  • Medium · F-2025-0005 · Missing token existence validation in tokenURI leads to EIP-721 standard violation and marketplace integration issues · Fixed
  • Medium · F-2025-0006 · Missing state tracking in treasury transfers leads to unaccountable fund movements · Acknowledged
  • Medium · F-2025-0007 · Transferable NFT design enables subscription sharing and secondary market revenue dilution · Acknowledged
  • Low · F-2025-0008 · Missing _disableInitializers() call in KnowledgeMarketV2 constructor · Fixed
  • Low · F-2025-0009 · Missing parent contract initialization in upgradeable contract · Fixed
  • Low · F-2025-0010 · Unofficial EIP-4908 designation creates trust and credibility concerns · Fixed
  • Low · F-2025-0011 · Missing storage gaps in upgradeable contract · Fixed
  • Low · F-2025-0012 · Missing active subscription validation in mint function leads to accidental duplicate purchases · Fixed
  • Low · F-2025-0013 · Missing event emission in token distribution functions leads to lack of transparency and monitoring · Acknowledged
  • Low · F-2025-0014 · Immutable platform fee configuration leads to inflexible fee structure and forced upgrades · Fixed
  • Low · F-2025-0015 · SubscriptionCreated event missing co-ownership parameters · Fixed
  • Low · F-2025-0016 · Potential for locked ETH due to direct transfers · Fixed
  • Info · F-2025-0017 · Inconsistent use of checks-effects-interactions (CEI) pattern in _processPayment · Fixed
  • Info · F-2025-0018 · Unnecessary and misleading check in implementation() · Fixed
04 · Key Findings

  • Vault hijacking via missing access control in setSubscription. The setSubscription function does not verify that msg.sender owns the specified vault, letting any address overwrite a vault's subscription terms (price, duration, co-owner) and make private content public without the creator's consent.
  • JSON injection in tokenURI enables metadata manipulation. User-controlled strings are concatenated directly into JSON metadata without sanitization, allowing vault owners to inject duplicate keys ("name", "description", "image") that override the legitimate values displayed by NFT marketplaces and frontends.
  • Public setAccess bypasses business logic validation. The setAccess function on the underlying ERC4908 contract is public, letting any address modify access controls directly and create state inconsistencies between the platform's subscription tracking and actual on-chain access permissions.
  • Duplicate subscription entries per vault. setSubscription accepts multiple calls for the same vaultId, creating duplicate entries in vaultOwnerSubscriptions[] while the underlying setAccess overwrites only the latest, leaving orphaned data that breaks getVaultOwnerSubscriptions and deleteSubscription semantics.
  • Treasury fund accountability gap. transferFromTreasury allows the owner to move tokens from the treasury (70% of total supply) without any state tracking, allocation limits, or event emission, leaving token holders with no transparency into how the largest allocation is used.
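As an added illustration (not IPAL's or Zealynx's code) of the first, third and fourth findings above: the shape in which any caller can reconfigure any vault, push a second entry for the same vaultId and reach setAccess directly, beside a hardened shape where setSubscription checks vault ownership, rejects duplicates and is the only path into an internal access-control update. The `vaultOwner` and `hasSubscription` mappings, the `Subscription` struct, `createVault` and the `accessPrice` stand-in for ERC4908 state are assumptions, not the project's names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

struct Subscription { uint256 vaultId; uint256 price; uint32 duration; address coOwner; }

/// Vulnerable shape described by F-2025-0001 / 0003 / 0004 (illustration, not IPAL code).
contract VulnerableMarket {
    mapping(address => Subscription[]) public vaultOwnerSubscriptions;
    mapping(uint256 => uint256) public accessPrice; // assumed stand-in for the ERC4908 access state

    // No ownership check and no duplicate check: any address can set terms for any vaultId,
    // and repeated calls push a new entry each time while accessPrice keeps only the last one.
    function setSubscription(uint256 vaultId, uint256 price, uint32 duration, address coOwner) external {
        vaultOwnerSubscriptions[msg.sender].push(Subscription(vaultId, price, duration, coOwner));
        setAccess(vaultId, price);
    }

    // Public: callable directly, so whatever setSubscription validates can be skipped.
    function setAccess(uint256 vaultId, uint256 price) public { accessPrice[vaultId] = price; }
}

/// Hardened shape: ownership check, one entry per vault, access state reachable only internally.
contract HardenedMarket {
    mapping(uint256 => address) public vaultOwner;      // assumed: populated by createVault below
    mapping(address => Subscription[]) public vaultOwnerSubscriptions;
    mapping(uint256 => bool) public hasSubscription;    // assumed: one entry per vaultId
    mapping(uint256 => uint256) public accessPrice;

    error NotVaultOwner(uint256 vaultId, address caller);
    error SubscriptionExists(uint256 vaultId);
    event SubscriptionCreated(uint256 indexed vaultId, address indexed owner, address coOwner, uint256 price, uint32 duration);

    // Assumed vault creation (not in the report): first claimant of an id becomes its owner.
    function createVault(uint256 vaultId) external {
        require(vaultOwner[vaultId] == address(0), "vault exists");
        vaultOwner[vaultId] = msg.sender;
    }

    function setSubscription(uint256 vaultId, uint256 price, uint32 duration, address coOwner) external {
        if (vaultOwner[vaultId] != msg.sender) revert NotVaultOwner(vaultId, msg.sender); // F-2025-0001
        if (hasSubscription[vaultId]) revert SubscriptionExists(vaultId);                // F-2025-0004
        hasSubscription[vaultId] = true;
        vaultOwnerSubscriptions[msg.sender].push(Subscription(vaultId, price, duration, coOwner));
        _setAccess(vaultId, price);
        emit SubscriptionCreated(vaultId, msg.sender, coOwner, price, duration); // F-2025-0015: co-owner included
    }

    // Internal only (F-2025-0003): the validated entry point above is the single path to access state.
    function _setAccess(uint256 vaultId, uint256 price) internal { accessPrice[vaultId] = price; }
}
```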
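For the tokenURI finding above (and the related F-2025-0005 existence check), an added example that is not IPAL's code: a small JSON escaping library that prevents a user-supplied name or description from closing its string and appending a second "name" or "image" key, plus a metadata builder that reverts for unminted ids. `JsonEscape`, `_minted` and `buildTokenURI` are assumed names; the OpenZeppelin `Strings` and `Base64` imports are real.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/utils/Strings.sol";
import "@openzeppelin/contracts/utils/Base64.sol";

/// JSON string escaping for on-chain metadata (illustration, not IPAL code).
library JsonEscape {
    /// Escapes '"', '\' and control bytes (< 0x20) so a user-supplied value stays inside
    /// the JSON string it was placed in and cannot introduce keys of its own.
    function escape(string memory s) internal pure returns (string memory) {
        bytes memory b = bytes(s);
        bytes memory out = new bytes(b.length * 6); // worst case: each byte becomes \u00XX
        uint256 n;
        for (uint256 i = 0; i < b.length; i++) {
            bytes1 c = b[i];
            if (c == '"' || c == "\\") {
                out[n++] = "\\"; out[n++] = c;
            } else if (uint8(c) < 0x20) {
                bytes memory hex2 = bytes(Strings.toHexString(uint8(c), 1)); // e.g. "0x0a"
                out[n++] = "\\"; out[n++] = "u"; out[n++] = "0"; out[n++] = "0";
                out[n++] = hex2[2]; out[n++] = hex2[3];
            } else {
                out[n++] = c;
            }
        }
        assembly { mstore(out, n) } // truncate to the bytes actually written
        return string(out);
    }
}

/// Metadata builder with the existence check F-2025-0005 asks for; `_minted` is assumed
/// to be set by the (omitted) mint path.
contract SafeMetadata {
    mapping(uint256 => bool) internal _minted;
    error NonexistentToken(uint256 tokenId);

    function buildTokenURI(uint256 tokenId, string memory name, string memory description, string memory image)
        public view returns (string memory)
    {
        if (!_minted[tokenId]) revert NonexistentToken(tokenId); // EIP-721: revert for unknown ids
        bytes memory json = abi.encodePacked(
            '{"name":"', JsonEscape.escape(name),
            '","description":"', JsonEscape.escape(description),
            '","image":"', JsonEscape.escape(image), '"}'
        );
        return string(abi.encodePacked("data:application/json;base64,", Base64.encode(json)));
    }
}
```

With this escaping, a name such as `x","image":"evil` is emitted as `x\",\"image\":\"evil` and decodes to a single literal string rather than an extra key.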
05 · Team & approval

Lead Auditor: Sergio (@Seecoalba)
Auditor: Carlos (Bloqarl) (@TheBlockChainer)
06 · Disclaimer

This audit is not an endorsement and does not constitute investment advice. Zealynx reviewed the codebase at the commits listed in section 02 over the engagement window. Findings are limited to issues identified within that scope and do not preclude the existence of other vulnerabilities. Subsequent code changes are not covered by this report unless the engagement is explicitly extended.

Download PDF (40p)
ZEALYNX SECURITY · published 2025-07-31
18 findings · Solidity
