Services

Smart Contract Audit

Analyze decentralized application’s smart contracts and the overall operation with static code analysis, dynamic analysis, and manual review to identify vulnerabilities together with technical & business logic flaws that may expose applications to various external risks

Decentralized Application Security Consulting

Provide consultation from design to development of decentralized applications, resolving both technical and business issues with professional support along the product development life cycle, maximizing the security level of smart contracts to protect our clients and their users

Digital Assets Investment Consulting

Provide consultation to investment funds and high-net-worth individuals on the security of DeFi projects and earning opportunities in the blockchain ecosystem, focusing on translating vulnerabilities and issues identified to easy-to-understand impact on the deployed capital

Methodology

  • Pre-Audit

    Build up understanding of the overall operations of the related smart contracts. Check for audit targets’ readiness, and make necessary internal preparations for the audit

  • Audit

    Inspect smart contracts using industry-accepted automated analysis tools and manual analysis by a team of professionals to identify both general coding bugs and advanced smart contract vulnerabilities in decentralized application's workflow and logic

  • Preliminary Report

    Deliver preliminary findings with professional suggestions and consultation on how to remediate the identified issues

  • Reassessment

    Verify the status of each issue and re-inspect to ensure there are no additional complications caused by the fixes applied

  • Final Report

    Provide a full final report with the detailed description, risk rating, and status of each identified issue

Researches

Flash Loan/Flash Swap Using UniswapV2-Based AMMs

Flash loan has been one of the most impactful techniques used in smart contract attacks, and it is getting more prevalent.

read more

bEarn.Fi Incident Analysis — bVaults Improper Withdrawal Amount Handling

Started from 10:36:20 AM UTC on May 16th, 2021, bEarn.Fi’s BUSD vault was exploited due to improper withdrawal amount handling.

read more

ValueDeFi’s Invalid Share Calculation Exploit In-depth Analysis

Started from 08:13:06 PM UTC on May 7th, 2021, ValueDeFi’s multi-strategy WBNB vault was exploited due to an invalid share calculation exploit.

read more