Decentralized

Finance

Systems

Application

Security Services

Full-stack web3 security services delivered by top-tier ethical hackers with a focus on the real financial impact

Services

Smart Contract Audit

Security audit of Ethereum Solidity smart contracts, Solana Rust programs, Aptos Move contracts, or any kind of dApp

Security Advisory

Comprehensive continuous security consulting and audit, implementation of the Security SDLC practices, monitoring, and incident response

Penetration Testing

Penetration testing and security assessment of the dApps, layer 1 nodes, bridges, CEX, on-/off-ramp, staking infrastructure

Risk Assessment

Web3 protocol external risk and viability assessment for traders, PE, and VC funds during due diligence

Invariant Development

Identification of the invariants, development of the invariant and unit tests, on-chain fuzzing, e2e testing

Security Monitoring

Monitoring the contracts for hack attempts, suspicious transactions and dangerous actions as well as financial solvency

Portfolio

We've successfully completed dozens of complex audits. Here are the reports for some of them.

Our team, jointly with partners, placed 2nd in the most respected smart contract security audit competition — Paradigm CTF 2022.
Security audit of the Yearn Finance no-hedge joint strategy helped to ensure the validity of the yield farming strategy logic and the security of the implementation.
Security audit of the GIVEth smart contracts led to discovery of a critical vulnerability in another protocol and remediation of the associated risk.
We did numerous audits of various products of the 1inch DEX aggregator and their updates including the Aggregation protocol, token plugins, and the innovative Fusion mode
We did a review of the Compound v3 issues and past audits and created a custom Semgrep SAST rulepack which was integrated in the GitHub DevSecOps pipeline of the Comet protocol
We did a review of the Gearbox governance smart contract as part of the V3 implementation

Assessments

Decurity's security audit methodology is based on our experience in building and analyzing complex financial systems, low-level programming, and application security.

  • Protocol Analysis: Documentation, Dependencies, Tests
  • Vulnerability Assessment: Code review, Fuzzing, Economics analysis
  • Reporting & Re-testing: Remediation planning and Execution

Security Audit

Our approach is on par with the top-tier audit firms. We focus on finding exploitable vulnerabilities with real impact. We usually don't treat an audit as a simple 40-person-hour task; instead, we try to exhaust all possible ideas.

Engagement Process

Scoping and Planning
Project and Docs Analysis
Automated Tests
Manual Code Review
Economical Attack Simulation
Re-testing & Final Report

Consulting

Decurity also provides security advisory and vCISO services to projects that want to integrate security into the development process early on.
Design: Security Consulting
  • Requirements
  • Invariants
Development: Security Audit
  • Code review
  • DevSecOps
Execution: Security Monitoring
  • Exploit Detection
  • Risk Assessment

Continuous Security Advisory

Our security advisory services include consulting and security design, regular code review and penetration testing, DevSecOps and Secure SDLC implementation, and security monitoring solutions.

Why Decurity?

We are a team of veteran hackers who dived into blockchain and smart contract security in the early days. Under our supervision, an audit is not just filling in a checklist but full-fledged research.

See our public reports on GitHub to learn more.

About Us

  • Multiple world CTF hacking champions

  • Top-50 hackers worldwide according to HackerOne

  • Discovered critical issues during most engagements

  • Blockchain security experts with proven record since 2017
