Web3 is the modern standard for transparent financial transactions, trustless accessible banking, and the global economy. But to build a competent, tamper-proof network and safeguard your users' assets, you need comprehensive security services.
Dusk is a L1 blockchain built from scratch to fill the gap in Web3: native private transactions, regulatory-compliant. Rusk is the official Dusk protocol node client and smart contract platform. During the audit, both consensus algorithm and node implementation has been reviewed
— platform for DAOs:
- Vesting contract
- Payroll factory
Axelar is a cross-chain General Message Passing platform unlocking cross-chain swaps and calls across multiple networks. The audit was conducted on Code4rena and included thorough code review of Interchain Token Service contracts and gateways on Ethereum and Cosmos
— bridge from Ethereum to Polkadot:
- Beacon chain light client built as parachain
- Asset Hub and Bridge Hub parachains
- BEEFY light client built as Solidity smart contract
— bridge from Cosmos to Polkadot:
- GRANDPA finality proofs verification
- CosmWasm contract and IBC messaging
- Major and Critical vulnerabilities found
- Architecture of DEX
- Atomic Swap prototype
- custom Substrate network
- custom Polygon Edge network
- scalability analysis of EVM-networks
- performance analysis, stress testing
- test deployments of ChainBridge
- test deployments of Avalanche
- test deployments of Fantom
Redefining trust and transparency in the digital era: partnering with our expert blockchain auditors to safeguard your assets, verify transactions, and navigate cryptocurrencies Redefining trust and transparency in the digital era: partnering with our expert blockchain auditors to safeguard your assets, verify transactions, and navigate cryptocurrencies
My name is Kirill Taran, and I wear multiple hats in the digital realm. I audit decentralized systems and smart contracts both independently and as a contractor. In my spare time, I dedicate myself to researching the architecture of cryptocurrencies and decentralized algorithms.
- Security Advisory
- Solution Architecture
- Technical Leadership
- Formal Verification
- Smart Contracts
- Algorithms & Optimization
- Research & Data Analysis
- Token Economics
- Rust
- CosmWasm
- Substrate
- ink!
- Move
- Solidity
- Polkadot
- Ganache
- SCALE
- RocksDB
- TypeScript
- web3.js
- ethers
- ssz-rs
- Ethereum
- Cosmos
- Polkadot
- Bitcoin
- Aptos
- Sui
- Proof-of-Stake
- Proof-of-Work
- BFT Consensus
- BABE/GRANDPA
- DAG-based
An audit is like a thorough checkup for digital projects. Its main goals are to make sure everything works as it should, find and fix any weak points that could be exploited by hackers, discover bugs that might cause unexpected issues, and check if the best coding practices were followed. Auditing isn't just about pointing out problems; it also provides helpful suggestions to make the code safer and easier to understand. In a nutshell, auditing is an investment in a project's health, protecting the team and its customers from unexpected financial losses.
The process begins with understanding the code's purpose through documentation. Automated tools can speed things up, but manual analysis for security issues and best practices is unavoidable. Each project undergoes meticulous line-by-line examination, checking for race conditions, overflow problems, key management, and access control. DeFi projects are particularly susceptible to reentrancy attacks or oracle manipulation, among other potential vulnerabilities. A comprehensive audit demands careful attention, so it's more about being thorough than being fast. Time to complete an audit depends on the codebase size and complexity, but typically it ranges from 1 to 3 weeks.
While it's theoretically possible for an audit to result in finding zero vulnerabilities, it's highly unlikely in practice. No system or process is entirely free from vulnerabilities, as security landscapes are constantly evolving, and new vulnerabilities may emerge over time.However, if a system has undergone rigorous security measures, regular updates, and best practices in design and implementation, it may have fewer vulnerabilities and be more resistant to attacks. In such cases, it's possible that no critical or major vulnerabilities are found during an audit, yet minor issues and areas for improvement may be identified. Recommendations will be provided to fortify the project's security further. If, in the rare event, our audit of your project discovers no issues across all vulnerability levels, we'll refund 100% of the amount paid.
Our pricing structure is tailored to the complexity of the project, the scope of the audit, and the expertise required. We offer competitive rates based on industry standards and the unique requirements of each engagement. For detailed information on pricing, we encourage you to contact us using the "Request a service" form. We're eager to discuss your needs and provide a quote aligned with the value of our services. The cost increases if you opt for a public audit, additional threat modeling, or economic consulting services.
Both kinds of auditing thouroughly verify that the project functions correctly and identify vulnerabilities and potential attack vectors. However, the results of a private audit are shared exclusively with internal stakeholders to ensure confidentiality during the project's development. The report is published immediately after the analysis is completed. On the other hand, public audits serve as a transparent proof of a project's security and reliability, fostering trust within the broader community and attracting external stakeholders. Public audits typically involve multiple auditors to cross-check each other and scrutinize each line of code meticulously. The initial report is drafted and presented to the customer, who then has a fixed one-month period to address any identified issues. After this timeframe, all issues are re-evaluated to ensure resolution by the customer. The status of each issue in the report is updated, and the finalized report is published on our website, making it publicly accessible.
To enhance the efficiency of an audit, undertake fundamental refactoring, address outstanding to-dos, and streamline the code for improved comprehension. This approach ensures that the audit focuses on identifying complex and potentially hazardous vulnerabilities. Once these improvements are implemented, it is crucial to freeze the code and provide us with the corresponding commit hash. An audit requires the codebase to be immutable, as any alterations necessitate a reassessment of the affected segments within the scope.
After your project has been audited, there are several steps you, as a client, can take to ensure the effectiveness and integrity of the audit process:
1. Review the Audit Report:
Carefully examine the audit report provided by the auditing team, and prioritize recommendations based on their severity.
2. Develop an Action Plan:
Collaborate with your development team to create a detailed action plan for implementing the recommended changes. Define timelines and allocate necessary resources.
3. Communication with Stakeholders:
Keep stakeholders informed about audit results, planned actions, and potential impacts on project timelines. Maintain transparent communication.
4. Implement Changes:
Execute the action plan by implementing necessary changes to your project, resolving all discovered issues based on the audit report.
5. Retest and Validate:
Conduct rigorous testing to ensure that identified vulnerabilities have been successfully addressed. Validate the effectiveness of applied solutions.
6. Documentation:
Update project documentation to reflect changes made based on the audit recommendations. Use this documentation as a resource for future audits and development efforts.
7. Continuous Monitoring:
Establish a process for continuous monitoring of your project's security and performance. Regularly assess and reassess your system to identify and address new vulnerabilities.
8. Provide Updated Codebase:
If the audit is public, provide the auditing team with the updated codebase. Separate fixes for each issue into distinct commits for easier review.
9. Review Fixes:
The auditing team will promptly review your fixes shortly and update the audit report accordingly.
10. Feedback and Improvement:
Gather feedback from the audit process and leverage it to enhance your development practices. Integrate lessons learned into future projects. By following these steps, you can not only address the findings of the audit but also strengthen the overall security and robustness of your project.
Whether you're gearing up for a thorough audit or are still in the planning stages of your project, we encourage you to get in touch. Our expertise extends to architecture and security consulting, catering to a diverse range of needs. Rest assured, all inquiries are attentively processed during business hours. You can expect a response within an hour; however, we appreciate your patience if it occasionally takes a few days.
