Services

What we Audit

sol-coin
Solana
Blue spotlight image background

We’ve worked extensively with the Solana Foundation on auditing the Solana Core code, along with Account Compression. We’ve audited a number of well-known protocols building on Solana, including Marginfi, Mayan, Jito, Ellipsis Phoenix, Raydium, Tensor, Kamino, and more.

Our experience doesn’t end there: we’ve taken this deep knowledge and applied it to our audits on a number of well-known protocols building within the ecosystem, including Marginfi, Parcl, Jupiter, Mayan, Jito, Ellipsis Phoenix, Raydium, Tensor, Squads, Kamino, GooseFX, Pyth, and more.

Security Methods

How we Audit

We can apply a number of techniques to review your code. We focus on tailoring our usage of these techniques to what makes sense for your specific security needs.

We offer both white and black box testing, depending on each project’s individual needs. We’ve analyzed the relationship between Web 3 applications and the large, unexplored Web 2 attack surfaces still present within them, which you can read about here.

We’ve also done extensive research into MetaMask’s Snaps sandboxing environment. You can learn more about this research and other work we’ve done on our blog.

Timeline

Our Auditing Process

1
Explorator Discussion

We’ll ask exploratory questions to set the groundwork for a successful audit.

2
Info Gathering

We’ll send an MNDA and look at repositories within scope to understand the details of your project and requests.

3
Quote

We’ll deliver a quote based on our expected duration, potential vulnerabilities, and the overall complexity of your project.

4
Kickoff

We’ll begin our audit and keep you informed of our findings.

5
Report Delivery

At completion, we will send you a report with our finding and suggestions for fixes.

6
Ongoing Updates

We’ll keep you updated and ask any relevant questions while we’re working on the audit

Protect your protocol

$36.82B+

On-chain TVL secured

$1.00B+

Vulnerabilities patched

Don't leave your protocol unprotected — reach out to our team of experts to start discussing a security audit.