Integrity Check & Security

To mitigate smart contract risks, Hinkal has integrated three pillars of security:

1) Audits: Quantstamp, Secure3 and Zokyo

2) Real-Time Protection and wallet screening: Hexagate

3) Bug Bounties: Immunefi

To ensure no illicit parties can access the protocol, Hinkal users are required to pass an integrity check.

Access token

Before using Hinkal’s functions, all users must obtain an "Access Token". Currently, users are required to mint an ‘Access token’ per chain.

When a user connects their wallet, Hinkal checks if they already have the ‘Access Token’ in that same wallet - meaning they have already passed the integrity check.

• If the user has already completed their verification through one of our verification partners, no additional verification is required - the user can mint their "Access Token" and use Hinkal’s functions as normal.

• If no token is detected in the user’s wallet, then the only buttons available are for minting one, by going through the verification process provided by our partners. This process is as follows:

Verification flow

1. Hinkal checks if the user has a Binance Account Bound Token (BABt), Galxe Passport, or soulbound tokens from 0xKYC/zkMe in the connected wallet.

2. If one of the above tokens is detected, the user does not need to pass the integrity check again, they can directly mint the ‘Access Token’.

3. If the user does not have one of the above tokens, they need to provide an attestation from their preferred verification partners among the supported options. Currently, Hinkal supports reusable attestations (for multiple wallets) from Authento. Alternatively, users can obtain attestations for their wallet through two major CEXs (Coinbase, Binance) or partner protocols (zkMe, Galxe, 0xKYC, and AiPrise) and get verified. The verification process takes <1 minute and when it is complete, the user can mint their ‘Access Token’. For a full list of Hinkal's verification options check here.

Once the user's PII has been verified, all they have to do is very easily mint a non-transferable token (the ‘Access Token’) that confirms they provided a KYC(B) attestation.

Upon minting the ‘Access Token’, users are then eligible to deposit funds into the smart contract.