Competition-tested audits for DeFi teams shipping critical code.
We review smart contracts, ZK integrations, exchanges, wallets, and Web2-Web3 systems with contest-proven researchers, past-exploit playbooks, and source-level analysis.
Public proof
Contest record and audit signal
Highlighted finishes
Contest performance is used as evidence, not decoration.
Past hack analysis feeds review checklists.
Long-form research shows how we reason about code.
Audit Focus
Built for protocols where bugs hide in accounting and integration edges.
We are most useful on systems with non-trivial state transitions: markets, vaults, callbacks, cross-program calls, proof verification, exchange logic, wallet flows, or protocol-specific math that needs source-level review.
Smart contract systems
Solidity, Move, Solana, CosmWasm, and Cairo codebases across DeFi protocols, vaults, bridges, and upgradeable systems.
ZK integrations
Verifier integrations, proof-dependent state transitions, circuit assumptions, trusted setup boundaries, and on-chain validation logic.
Web2-Web3 products
Exchange frontends, backend services, wallet flows, signing boundaries, API assumptions, and off-chain systems that touch user assets.
Integration risk
Adapters, wrappers, callbacks, ERC4626/ERC3525-style accounting, cross-protocol assumptions, and edge-case liquidity flows.
Review Model
A practical audit flow, not a feature checklist.
The process is intentionally simple: understand the protocol, trace the dangerous paths, review them with at least two researchers, then verify the fixes. Fix review is included by default in every audit engagement.
Map the protocol
We start from assets, trust boundaries, user flows, and economic invariants instead of only reading files top to bottom.
Trace dangerous paths
Accounting updates, callbacks, liquidation branches, oracle reads, CPI boundaries, and privileged operations get explicit paths.
Review with 2+ researchers
At least two auditors review each engagement, with focus split by subsystem and vulnerability class.
Verify fixes
Findings are delivered with impact, root cause, and remediation notes; patched code receives a focused follow-up pass.
Research
Our public writing shows how we review code.
Morpho Internals
A source-level lending protocol walkthrough: markets, IRMs, oracles, vaults, and integration security.
Solana Security
Reviewer-grade notes on account creation, Anchor behavior, CPI reloads, Token2022, and DoS patterns.
Solv Hack Analysis
Callback-driven double minting in an ERC-3525 wrapper, explained from source to exploit mechanics.
Have a codebase ready for review?
Send scope, repository access model, target dates, and the protocols you integrate with. We will respond with availability and a review plan.
Proof
We prefer evidence over broad claims.
The signal we want clients to inspect is public: contest placements, long-form source walkthroughs, CTF performance, and hack analyses.
Audit contests
11 Top 3 wins, including 6 first places. Recent wins: OneWorld #1, Coinbase SpendPermission #1, Arbitrum BoLD #1.
Web3 CTFs
Remedy CTF 2025 #7, Blaz CTF 2024 #4, OpenZeppelin Ethernaut CTF 2024 #9, and multiple Top 3 wins in Secureum RACEs.
Our specialization
We review Solidity, Move, Solana, CosmWasm, Cairo, ZK integrations, and Web2-Web3 systems such as exchanges and wallets.
Our philosophy
We believe that the best way to demonstrate security expertise is to participate in audit contests and CTFs. No public record, no skills.
Want this review model on your protocol?
Share repository scope, target chain, key integrations, and launch timeline. We will respond with availability and next steps.
Contact
Scope a review
Send repository scope, target chain, integrations, and timeline. We respond within 24-48 hours.
Request an Audit
Open the request form and we will scope review depth, timeline, and availability.
Emergency Security Issue?
Found a critical vulnerability in an audited protocol? Contact us immediately.