Smart-contract and protocol security — by humans who can read the bytecode.
Solidity, Vyper, Move, ink!, Cairo, Rust-on-Substrate. Manual smart-contract review, custom symbolic-execution and fuzzing harnesses, bridge and oracle security, validator-set and consensus-client analysis. Economic-model review where the math is the threat surface.
Read the contract. Read the bytecode. Read the math.
Smart-contract security has become a market full of services calling themselves "audits" — most of them surface checklist findings against a static taxonomy of known vulnerability classes. The findings that take protocols down are not on those checklists. They emerge from understanding the protocol-specific logic, the economic model, the upgrade pathways, and the integrations with other contracts.
We read the contract source. We read the compiled bytecode where the source has been transformed by the compiler in load-bearing ways. We trace the economic incentives end-to-end. Where the customer has built custom Solidity / Vyper / Move idioms, we build custom static-analysis rules alongside the review.
For protocol-layer work — bridges, oracles, validator sets, consensus clients — the methodology extends into the off-chain components and the cryptographic protocols underneath them. Most "smart contract auditors" do not touch this layer. We do.
What the work covers.
Manual review of Solidity, Vyper, Move, ink!, Cairo, Rust-on-Substrate. Access control, math, reentrancy, upgradability, storage layout, gas-driven attack surfaces.
Game-theoretic review, MEV surfaces, governance-attack modelling, oracle-manipulation analysis, liquidation cascade analysis.
Validator-set custody, signed-message replay, light-client verification, finality-assumption review, multi-chain integration risk.
ZK proof systems, threshold signatures, BLS / Schnorr / ECDSA implementations, custom MPC protocols, key-management ceremonies.
Consensus-client implementation review, P2P stack, mempool design, slashing-condition analysis, key-custody architecture.
dApp frontend, wallet-connect flows, signing UX, transaction-construction logic, indexer integrity, RPC-layer trust.
The shape we don't ship.
- No "auto-audit" SaaS deliverable
Slither, Mythril, Securify — useful tools, owned by the customer, not by us. We do not bill expert hours to re-format SaaS scanner output as a report.
- No checklist-only review
SWC and similar registries are useful glossaries — they are not a methodology. The findings that matter are protocol-specific.
- Local LLMs as tooling, not as methodology
Smart-contract reasoning depends on understanding the protocol's specific economic and trust model. We use local LLMs we run in-house to accelerate documentation review and analyzer scaffolding. The contract review itself is human.
- No "audit badge" relationships
We do not run engagements where the deliverable is a logo on the customer's website. Findings are real, the report goes to engineering, and we walk through them with the team.
Scoped to the protocol, not to a calendar.
Single-contract review. One contract or contract set, full attack surface, written report with PoC where applicable.
Protocol review. Multi-contract protocol with off-chain components — economic model, upgrade pathways, oracle and bridge integrations, integration risk.
Node / client review. Consensus-client implementation, P2P stack, key-custody and signing-ceremony review.
Continuing engagement. Quarterly review as the protocol evolves — every change to the upgradability surface, new contract module, new bridge integration is a new attack surface.
Duration depends on contract complexity, integration surface, and depth of coverage. We scope against the actual code.