Decentralized

Finance

Systems

Application

Security            

Full-stack web3 security services delivered by top-tier ethical hackers with a focus on the real financial impact

Services

Smart Contract Audit

Security audit of the Ethereum Solidity smart contracts, Solana Rust programs, Aptos Move contracts or any kind of a dApp
Get a Quote

Security Advisory

Comprehensive continuous security consulting and audit, implementation of the Security SDLC practices, monitoring, and incident response
Get a Quote

Penetration Testing

Penetration testing and security assessment of the dApps, layer 1 nodes, bridges, CEX, on-/off-ramp, staking infrastructure
Get a Quote

Risk Assessment

Web3 protocol external risk and viability assessment for the traders, PE, and VC funds during the due dilligence
Get a Quote

Invariant Development

Identification of the invariants, development of the invariant and unit tests, on-chain fuzzing, e2e testing
Get a Quote

Security Monitoring

Monitoring the contracts for hack attempts, suspicious transactions and dangerous actions as well as financial solvency
Get a Quote

Portfolio

We've successfully completed dozens of complex audits. Here're the reports for some of them.

Our team joint with partners placed 2nd in the most respected smart contract security audit competition
— Paradigm CTF 2022.
Security audit of the Yearn Finance no-hedge joint strategy helped to ensure the validity of the yield farming strategy logic and the security of the implementation.
Security audit of the GIVEth smart contracts led to discovery of a critical vulnerability in another protocol andremediation of the associated risk.
Security audit of the Yearn Finance no-hedge joint strategy helped to ensure the validity of the yield farming strategy logic and the security of the implementation
Our team joint with partners placed 2nd in the most respected smart contract security audit competition — Paradigm CTF 2022
Security audit of the GIVEth smart contracts led to discovery of a critical vulnerability in another protocol andremediation of the associated risk
We did numerous audits of various products of the 1inch DEX aggregator and their updates including the Aggregation protocol, token plugins, and the innovative Fusion mode
We did a review of the Compound v3 issues and past audits and created a custom Semgrep SAST rulepack which was integrated in the GitHub DevSecOps pipeline of the Comet protocol
We did a review of the Gearbox governance smart contract as part of the V3 implementation

tools

We contribute to the Web3 security by creating the tools that help to automate the security audit.

ABI Decompiler

Reverse Engineering tool that helps you toefficiently match the function selectors in the EVM bytecode to the function signatures.

view
Contract Diff

Smart diff tool that helps you tounderstand which code the protocol has been forked from and what exactly has been changed.

view
Semgrep Solidity Rules

Semgrep rules that will help you to find the typical vulnerable patterns in the smart contract code.

view

Why Decurity?

We are a team of veteran hackers who dived into the blockchain and smart contract security in the early days. Under our supervision, an audit is not just a filing of the checklist but rather a full-fledged research.

See our public reports on Github to learn more.

About Us

  • Multiple world CTF hacking champions

  • Top-50 hackers worldwide according to HackerOne

  • Discovered critical issues during most of engagements

  • Blockchain security experts with proven record since 2017

Our Customers

Contact Us