Audit services

Human-led review for systems where the edges matter.

Smart contracts / ZK / wallets / exchanges

Taichi audits protocol logic, asset flows, and the integration boundaries where individually correct components can still produce a critical failure.

Engagement types

Scope the risk, not a generic checklist.

01

Protocol security audits

Manual, invariant-led review of EVM, Solana, Move, CosmWasm, and Cairo systems where asset accounting and state transitions are the core risk.

  • Threat model and trust boundaries
  • Accounting and economic invariants
  • Privilege, upgrade, and recovery paths
02

ZK and proof integrations

Review of verifier wiring, proof-dependent transitions, circuit assumptions, and the gap between what a proof establishes and what a contract enforces.

  • Public-input binding
  • Verifier and circuit assumptions
  • On-chain / off-chain consistency
03

Wallets and hybrid systems

End-to-end review of signing flows, APIs, exchange or wallet backends, and custody-adjacent boundaries that cannot be understood from contracts alone.

  • Authorization and signing flows
  • API and backend trust boundaries
  • Cross-system failure modes
04

Integration and upgrade reviews

Focused review for adapters, callbacks, wrappers, migrations, token edge cases, and changes that alter the assumptions between deployed components.

  • Callback and reentrancy surfaces
  • Oracle and token assumptions
  • Migration and compatibility risk
Engagement flow

Clear before, direct during, verified after.

The review starts with a defined commit and includes one focused review of agreed fixes submitted within the remediation window.

At least two researchers
  1. 01

    Fit and availability

    Send the target repository, chain, launch window, and the behavior that matters most. We normally respond within 24–48 hours.

  2. 02

    Scope and proposal

    We review code size, complexity, dependencies, documentation, and schedule before proposing coverage, staffing, timing, and commercial terms.

  3. 03

    Model and attack

    At least two researchers map assets, actors, trust boundaries, and invariants, then challenge dangerous paths independently and together.

  4. 04

    Report and discuss

    Findings include impact, root cause, affected paths, and actionable remediation. Critical questions are discussed during the review, not saved for the end.

  5. 05

    Verify fixes

    One focused review of fixes submitted within the agreed remediation window is included for in-scope findings.

What you receive

Evidence your engineers can act on.

Agreed scope and review commit
Coverage and trust-boundary summary
Severity-ranked findings with technical evidence
Concrete remediation guidance
Direct clarification channel during the engagement
Focused fix review and final finding status
A strong fit

Ready enough to review, important enough to challenge.

  • The system moves or controls meaningful value.
  • Protocol-specific accounting, math, or permissions matter.
  • The code integrates external protocols, tokens, or proofs.
  • The team can provide a stable review commit and answer design questions.

Still changing architecture or unsure what to scope? Send the current design and launch constraints; we will tell you what needs to stabilize before a review is useful.

Prepare the scope

A better brief produces a better review.

These inputs let us estimate the work accurately and spend review time on system risk rather than reconstructing basic context.

  1. 01

    Repository or code archive and target commit

  2. 02

    Architecture overview, specifications, and intended invariants

  3. 03

    Target chain, compiler, deployment, and test instructions

  4. 04

    External dependencies and privileged roles

  5. 05

    Known limitations, prior reviews, and unresolved concerns

  6. 06

    Code-freeze, remediation, and launch dates

Questions before scoping

Audit FAQ

How is an audit priced?

Pricing is scoped from complexity, review surface, dependencies, documentation quality, staffing, and schedule. Share a stable commit or representative repository so we can give a defensible proposal instead of a misleading flat rate.

How long does a review take?

The review window depends on the system and current availability. We usually confirm fit and next steps within 24–48 hours, then include the proposed review and remediation windows in the scope.

Do you work under NDA?

Confidentiality and report publication are agreed before kickoff. If the repository or design is sensitive, email us before sharing confidential material.

Does the code need to be frozen?

A stable target commit is essential for reliable coverage. Necessary changes can be discussed during the review, but material feature changes may need to be separately scoped.

Is remediation review included?

Yes. One focused review of fixes submitted within the agreed remediation window is included for in-scope findings. Larger redesigns, later rounds, or newly introduced scope may require a separate estimate.

Can an audit guarantee the system is secure?

No credible audit can make that guarantee. An audit reduces risk within a defined scope and time window; testing, monitoring, access controls, incident response, and responsible launch practices remain part of the security model.

Next step

Give us the system, the stakes, and the date.

We will reply with fit, availability, missing scope information, and a clear path to a proposal.