Be confident in your smart contracts
Founded in 2017, Solidified is one of the most experienced smart contract auditing firms, with a stellar record. With a team consisting of computer scientists, cryptographers, economists, and distributed systems researchers, we provide in-depth and detailed audits to help secure your protocol and give you confidence in your smart contracts.Get a quote
Trusted by top organizations
What our clients say about us
“Solidified’s unique multi-tier approach to security has helped us to identify security risks early on and has enabled us to securely launch the Generic Insurance Framework. We expect to continue working with them on future evolutions of the protocol.”
"OAK have been a trusted partner to Violet's mission to evolve trust in Web3 since inception. After working together on the launch of the Humanbound Token, we look forward to expanding our relationship across security and audits for a suite of new projects."
"Solidified have been a meticulous and dependable partner for the launch of Aztec Connect. They have helped us bring scaling and privacy to over 10 DeFi protocols with timely and detailed audits. We look forward to continuing work with them as we scale privacy to mainstream."
"Solidified are one of the OG's of security auditing, they've trained some of the best auditors out there and have seen it all."
Solidified in numbers
What we do
Our signature product is a multi-layered audit, involving three or more independent security researchers with complementary skillsets performing an isolated and unbiased audit of your smart contracts. The final report lists all discovered vulnerabilities and suggested solutions approved by the consensus of auditors.Get a quote
How we can support you
Our in-depth, holistic, and comprehensive services cover all stages of your product lifecycle, from consulting on the security properties of the initial idea, over whitepaper reviews, advice on tokenomics, code reviews, testing, fuzzing, up to release management and operational security.
review & design
What we secure
Our process is designed to be thorough, diverse, and varied. We employ a variety of techniques and perspectives to give you a 360 degree review of your project to ensure the greatest coverage and depth possible.
Each audit is done by 3+ auditors, who are chosen for their expertise in your industry. Cryptography projects will have a cryptography expert on the team, DeFi projects will have an economist on the team.
Your auditors will work independently to conduct an in-depth assessment of your code and project, performing manual code reviews and utilizing static analysis tools, as well as approved testing and modeling methods.
The auditors will share their findings in a consensus meeting, and put together your final report. We are then available to discuss the findings and review your fixes.
Our team spans the whole globe
Calling on a team of 45+ expert auditors including Master’s and PhD holders, economists, cryptography experts, and experienced computer scientists, we are able to tailor our audits to provide you with the support you need.
Oak Security is the result of two domain experts in Computer Science and Economics getting together after years of collaborating to build a unique team to secure the new decentralized finance systems.
Dr. Stefan Beyer
Ph.D. in Computer Science
Has worked on Distributed Systems since 2004 (Pre-Bitcoin)
Blockchain security audits since 2018
More than 50 projects audited
Request a quote
Frequently asked questions
Can't find the answer here?
Drop us a message
During our audits, we employ several measures to maximize the likelihood of finding critical issues in the codebase and provide as much security as possible. Despite these efforts, there is always a possibility that we miss issues. Security audits should only be considered one component of your overall security strategy. A security review is no substitute for other best practices and should be accompanied by a security-focused design process, extensive unit, integration and end-to-end testing, internal code reviews, bug bounties, secure development processes, as well as strictly followed operational security processes.
Whilst we would like to promise you a 100% hit rate, we believe no security company can make this claim.
It depends – we estimate the cost of each audit individually and provide a quote based on a number of factors, including the amount of code, complexity, remaining risk, and the cost of the specialized team required for the specific project. Contact us here to request a quote, we will get back to you within one business day.
Solidified uses a unique process. We assign at least three auditors to each project. Our standard process includes initial static code analysis and manual code review. Each auditor will add their own methodology to this, which may include writing tests for edge cases we feel are not covered by the included tests, economic modeling, if appropriate, and fuzz testing for parts of the system that are susceptible to different behavior under a large number of parameter combinations.
We specifically assign auditors with skill sets in mind, depending on a project's nature. For instance, a DeFi protocol with an economic model will have an auditor with a strong background in economics, and a ZK-rollup processor will have a cryptographer on the team.
Auditors work independently during the first phase of the audit, initially not sharing their results, in order to not bias each other. After this initial phase, the auditors will join their findings in a consensus meeting and produce a report which lists any issues encountered together with recommendations. The final version of our report is transparently published to our GitHub repository (https://github.com/solidified-platform/audits).
The timeline for each audit depends on the complexity of the project and will be provided with our initial quote on a case-by-case basis. Audits may take anything from 1 week for simple projects to 12 weeks for very complex projects.
In addition to the duration of the audit itself, you should account for time to apply our recommendations. The verification of fixes for the issues is included in our audits. Our auditors remain available for three weeks after the initial report has been delivered for this process.
We recommend reaching out as early as possible to avoid delays in case of longer lead times. We do not require a codebase that is ready for the audit when we create a quote.
As long as we receive a work-progress version together with a description of the functionality to be added, we can create an estimate of the effort and budget required. We also offer clients who do not have a finalized codebase blanket reservations that will be refined closer to the audit start date.
Can't find the answer here?
Drop us a message