Independent security research & audits

Security for code that moves value.

Taichi is a competition-tested research group auditing smart contracts, ZK systems, exchanges, wallets, and the integration boundaries where critical bugs tend to hide.

2+ researchers per reviewFix review included24–48h response
Review surface / 01System online
01Accounting
02Access
03Integrations
04Economics

Invariant map

70+

Competitive audits

14

First places

170+

H/M findings

Selected first-place results

ZKsync EraMaia DAOArbitrum BoLDArcade.xyzCoinbaseOneWorld
Where we go deep

Review the system, not just the files.

The highest-impact failures often live between components: a callback that breaks accounting, a proof assumption that is not enforced on-chain, or an API boundary that changes who can sign. That is where our reviews begin.

Discuss your attack surface
01

Protocols · vaults · bridges

Smart contract systems

EVM, Move, Solana, CosmWasm, and Cairo systems with complex asset and state transitions.

02

Proofs · verifiers · circuits

ZK integrations

Verifier wiring, proof-dependent state transitions, circuit assumptions, and trusted boundaries.

03

Wallets · exchanges · APIs

Web2–Web3 products

Exchange backends, wallets, APIs, signing flows, and off-chain systems touching user assets.

04

Accounting · callbacks · oracles

Integration risk

Adapters, callbacks, wrappers, share accounting, cross-protocol assumptions, and liquidity edges.

Review model

Human judgment, made systematic.

Tools widen coverage. Researchers decide what matters. Every engagement turns a protocol model into explicit paths to challenge.

Minimum two researchers
  1. 01

    Model the system

    Map assets, actors, trust boundaries, user flows, and the invariants the protocol must preserve.

  2. 02

    Trace dangerous paths

    Follow accounting changes, callbacks, liquidation branches, oracle reads, CPI boundaries, and admin operations.

  3. 03

    Challenge the model

    Two or more researchers attack the design from separate subsystems and vulnerability classes.

  4. 04

    Verify remediation

    Re-review patched code against root causes and adjacent edge cases. Fix review is included by default.

Verifiable signal

Trust the record, not the adjectives.

Security marketing is easy to write. Public placements, reproducible research, and findings that survive judging are harder to fake.

70+

Competitive audits

14

First places

24

Top 3 finishes

170+

H/M findings

Contest record

01

24 Top 3 finishes

14 first-place results across high-complexity protocol reviews.

Adversarial practice

02

Remedy CTF 2025 · #7

Ongoing CTF work keeps exploit construction—not just issue classification—in the review loop.

Published reasoning

03

Research you can inspect

Source walkthroughs and incident analyses expose the depth and clarity of our reasoning.

Every audit includes two or more researchers and a focused fix review by default.

No add-on fee

Public portfolio data · verified Jul 2026

Start a review

Your code is nearly ready. Let's make it hard to break.

Share the repository scope, target chain, key integrations, and launch window. We typically reply with availability and next steps within 24–48 hours.

Open audit request
Intake open

Critical disclosure involving a protocol we reviewed? Use Telegram or email for the fastest response.