How much does a smart contract audit cost?

Smart contract audit pricing depends on the complexity and size of the codebase, typically ranging from $10,000 to $100,000+. We provide custom quotes after a scoping call where we review your codebase, architecture, and timeline. Contact us for a free initial assessment.

What is a Web3 security audit?

A Web3 security audit is a comprehensive review of smart contracts and blockchain infrastructure to identify vulnerabilities before they can be exploited. It combines manual expert review with automated tools like static analyzers and fuzzers to find issues like reentrancy bugs, access control flaws, and business logic errors.

How long does a smart contract audit take?

A typical smart contract audit takes 1-4 weeks depending on codebase size and complexity. Simple contracts may take 1 week, while complex DeFi protocols with multiple interacting contracts can take 3-4 weeks. This includes the initial review, report delivery, and remediation verification.

Offensive Security. Web3-Native.

Smart contract audits from application layer to VM internals. Penetration testing, red team operations, and cryptographic primitive review — for teams building at the edge of what has been secured before.

Request an Audit View Research

// DEF CON · Infiltrate · 15 yrs offensive security · Web3 + Web2

audit.sol

▋

audit in progress

15+

years offensive security

DEF CON & Infiltrate talks

L1/L2 cores audited

12+

chains audited

undisclosed critical findings

// chains audited

EthereumEVM

ArbitrumL2

OptimismOP Stack

BaseOP Stack

ZKsyncZK Rollup

PolygonZK / PoS

SolanaSVM

BNB ChainEVM

AvalancheEVM

CosmosIBC

TONL1

SuiMove VM

// where we’ve been

Infrastructure-depth security research.

Most auditors review application contracts. We have reviewed the VMs, bridges, consensus engines, and cryptographic primitives they run on.

// ZK & L2 infrastructure

ZK-SNARK Circuits & L2 Bridge Verification

Reviewed Linea’s L2 bridge for IFT — covering ZK-SNARK-friendly hash functions, circuit isolation, proof aggregation middleware, rollup-to-mainnet exit verification, fraud-proof state roots, and operator liveness constraints.

ZK-SNARKsCircuit IsolationProof AggregationRollup ExitFraud Proofs

// cross-chain & cosmos

IBC Routing, Cosmos SDK & Evmos Execution Layer

Audited Cosmos SDK modules, Evmos execution layer, IBC cross-chain routing, token port modules, and light-client relay logic at ZetaChain. Consensus fault detection and state transition analysis on TON, Solana, and Sui core implementations.

Cosmos SDKIBC RoutingLight ClientEvmosState Transitions

// VM internals & bridges

RSKj VM, Trie Structures & Two-Way Peg Security

DeFi protocols and L1/L2 infrastructure at RootStock — RSKj VM internals, trie structures, precompiled contracts, two-way peg bridge, gas-cost inflation vectors, and federated HSM-based signing infrastructure.

RSKj VMTrie StructuresTwo-Way PegFederated HSMGas Inflation

// cryptographic primitives

Noise Protocol, Key Exchange & Ratcheting

Secure code audits for Codex, Waku, Nomos, and Status Wallet in Rust, Nim, and JS — including cryptographic primitive review of Noise handshake protocols, ephemeral key exchange, and ratcheting behaviors.

Noise ProtocolEphemeral KeysRatchetingRustNim

// consensus & fork handling

Consensus Fault Detection on TON, Solana & Sui

Security audits of TON, Solana, and Sui core implementations — focusing on consensus fault detection, fork handling edge cases, and state transition serialization bugs at the protocol layer.

Consensus FaultsFork HandlingState SerializationSVMTVM

// custom tooling

Custom Slither Detectors & Formal Verification

We build the tooling, not just use it. Custom Slither detectors written for client-specific vulnerability classes, alongside Echidna, Medusa, Halmos, and Certora across EVM, Rust, and Cairo codebases.

Custom SlitherEchidnaMedusaHalmosCertora

// our services

What We Do

Hands-on offensive security from smart contract logic to L1 consensus engines. No automated scan reports. No junior consultants. Every engagement is led by a senior engineer who has audited the protocols, VMs, and cryptographic primitives your stack depends on.

Smart Contract Audit

EVM (Solidity/Vyper), Rust, Cairo, Nim, and Move. From DeFi protocol logic to L1/L2 VM internals, ZK circuits, and cross-chain bridge verification.

Manual ReviewCustom ToolsAderynEchidnaMedusaHalmos

Learn more

Red Team Operations

Full-scope adversary simulation. Infrastructure, social engineering. TIBER-EU methodology.

ExternalInternalSocial EngineeringTIBER-EU

Learn more

Blockchain Infrastructure Security

Nodes, RPC, key management, validator security, threat modeling for protocol backends.

Node HardeningKey ManagementThreat ModelingHSM/MPC

Learn more

Security Architecture Review

Pre-code threat modeling for protocols, bridges, L2s. Cheaper than post-launch fixes.

Threat ModelingDesign ReviewDeFiBridges

Learn more

Vulnerability Research

Bespoke research for vendors and protocols. CVE-track history in firmware and blockchain.

CVE ResearchFirmwareEmbeddedBlockchain

Learn more

vCISO / Advisory

Fractional security leadership for Web3 teams building their security function from scratch.

StrategicPolicyIncident ResponseOngoing

Learn more

// web2 & full-spectrum

Beyond the Blockchain

Web3 doesn’t exist in isolation. Most protocols have web2 attack surfaces — APIs, admin panels, CI/CD pipelines, employee endpoints. We test all of it.

Web Application & API Penetration Testing

Manual penetration testing of web applications, REST/GraphQL APIs, and authentication flows. No scanner-first methodology — we test like an attacker with time and motivation.

OWASP Top 10API SecurityAuth BypassIDORSQLiManual Testing

Learn more

Network & Infrastructure Penetration Testing

External and internal network penetration tests. From external perimeter enumeration through to domain compromise. Relevant for Web3 companies with traditional corporate infrastructure.

External PerimeterInternal NetworkActive DirectoryLateral MovementVPN

Learn more

Mobile Application Security

Mobile application security assessments for iOS and Android. Particularly relevant for Web3 wallet apps and DeFi mobile clients where private key handling and biometric bypass are critical vectors.

iOSAndroidAPI InterceptionBinary AnalysisRuntime Manipulation

Learn more

// new attack surface

AI Security & AI × Web3

LLMs, autonomous agents, and on-chain AI systems are the next major attack surface. We bring offensive security research tradecraft to both sides of this stack.

AI Systems

Securing the AI Stack

Prompt injection. Jailbreaks. Data poisoning. RAG pipeline leakage. Agentic privilege escalation. We red team LLM systems using the same offensive mindset we bring to every engagement.

Prompt InjectionJailbreak TestingRAG AuditAI Agent Red TeamOWASP LLM Top 10MCP Security

AI × Web3

Where Both Worlds Collide

On-chain AI agents. LLM-integrated DeFi governance. AI oracle manipulation. We assess the full cross-stack risk surface where decentralized protocols embed AI components.

AI Oracle SecurityOn-chain AI AgentsLLM-Augmented AuditModel IntegrityAI Supply ChainCross-stack Threat Model

View all AI security services →

// how we work

A Rigorous Process. No Shortcuts.

Every engagement follows a battle-tested methodology — from scoping to final deliverable.

Scoping Call

We review your codebase, architecture docs, and threat model. We define scope, timeline, and commit hash.

Manual Review

Line-by-line analysis by an experienced security researcher. Logic flaws, access control, flash loan vectors, upgradeability risks — nothing is skipped.

Automated & Fuzzing

Custom tools developed by Viper, alongside industry standards: Aderyn (static analysis), Echidna/Medusa (property-based fuzzing), Halmos/Certora (formal verification where applicable).

Initial Report

Findings categorized by severity: Critical / High / Medium / Low / Informational. Each with PoC exploit where applicable.

Remediation Review

Your team implements fixes. We verify each mitigation and update finding status to Resolved or Acknowledged.

Final Report

Publishable PDF report delivered. Can be made public to signal security posture to your community.

// audit reports

We Publish Our Work

Transparency is a security signal. Where clients permit, we publish full audit reports — so the community can verify the work.

ZK-L2 Bridge Security Audit[Confidential]

Ethereum L22024-Q4

2 Critical · 2 High · 1 Medium

Under NDA

Cosmos SDK & IBC Cross-Chain Modules[Confidential]

Cosmos / EVM2024-Q2

2 Critical · 3 High · 2 Medium

Under NDA

RSKj VM & Two-Way Peg Bridge[Confidential]

Bitcoin / EVM2023-Q3

0 Critical · 2 High · 4 Medium · 3 Low

Under NDA

View all public reports

// research

Latest Research

Security insights from the field.

Smart Contracts2025-11-15

Reentrancy Patterns in Modern DeFi: Beyond the Classic Attack

An analysis of cross-function and cross-contract reentrancy patterns found during recent DeFi protocol audits, including novel attack vectors in ERC-4626 vault implementations.

Red Team2025-09-22

Red Teaming a Web3 Organization: Lessons from the Field

Case study of a full-scope red team engagement against a Web3 company, covering social engineering of developer teams, CI/CD pipeline compromise, and smart contract deployment key extraction.

Web3 Infrastructure2025-07-10

Validator Key Management: HSMs, MPC, and the Gaps Between

A practical guide to validator key management security, comparing HSM-based approaches with MPC solutions and identifying common configuration mistakes that undermine both.

Ready to secure your protocol?

We work with a limited number of clients to maintain quality. Reach out early.

Start a Conversation