We identify critical vulnerabilities before attackers do. Comprehensive auditing, penetration testing, and responsible disclosure for DeFi protocols.
Manual line-by-line review combined with automated analysis using Slither, Mythril, and custom detection rules. Solidity, Vyper, Cairo, Move.
Full-spectrum adversary emulation covering web, API, infrastructure, and social engineering attack vectors.
Independent security research with coordinated disclosure. We find vulnerabilities in live protocols and work with teams to remediate.
Off-chain vote manipulation via unauthenticated API endpoints. Coordinated disclosure in progress.
EIP-712 signature replay across chains due to missing chainId validation. Fixed in v2.1.4.
TWAP oracle manipulation via flash loan in low-liquidity pools. Mitigated with price bounds.
First depositor share inflation vulnerability. Fixed with a virtual shares implementation.
Governance manipulation via flash-borrowed voting power. Mitigated with snapshot-based voting.
Interested in an audit or want to discuss a responsible disclosure?