All of our engineers are trained formal methods experts, and we take a formal verification-oriented approach to security audits.
To help you get the full experience and maximum benefit from our security reviews, we've prepared this audit readiness guide.
Make sure your code is 'feature-frozen' at least 2 days before the audit begins.
Fix compiler warnings and remove dead or unused code.
Make sure third-party libraries are locked to specific versions.
Ensure that your tests cover the core functionality of your protocol.
Include edge and negative test cases.
Test the integration points between your protocol and external systems.
Include fuzzing or property-based tests if you have them.
Write a simple overview of how your protocol works and its main components.
Supply a simple diagram of how contracts interact internally and externally.
Use NatSpec or inline comments for complex logic or security-critical sections.
Share a quick setup guide for installing dependencies.
Include instructions for building and deploying the contracts.
Share any prior audit reports or known security considerations.
List contracts/files to be audited vs. excluded.
If using a monorepo, specify which folders apply to the audit.
Communicate any critical deployment dates.
Designate a point of contact who will be available during the entire audit window.
Respond promptly to questions or clarifications from our team.
Plan a quick turnaround for applying fixes and letting us re-check them.