Decentralized

Finance

Systems

Application

Security            

Decurity is a tier-1 web3 security audit firm and elite team of ethical hackers who won hardest CTF competitions

Services

Smart Contract Audit

Security audit of the Ethereum Solidity smart contracts, Solana Rust programs, Aptos Move contracts or any kind of a dApp
Get a Quote

Security Advisory

Comprehensive continuous security consulting and audit, implementation of the Security SDLC practices, monitoring, and incident response
Get a Quote

Penetration Testing

Penetration testing and security assessment of the dApps, layer 1 nodes, bridges, CEX, on-/off-ramp, staking infrastructure
Get a Quote

Risk Assessment

Web3 protocol external risk and viability assessment for the traders, PE, and VC funds during the due dilligence
Get a Quote

Invariant Development

Identification of the invariants, development of the invariant and unit tests, on-chain fuzzing, e2e testing
Get a Quote

Security Monitoring

Monitoring the contracts for hack attempts, suspicious transactions and dangerous actions as well as financial solvency
Get a Quote

Portfolio

We've successfully completed dozens of complex audits. Here're the reports for some of them, see more on Github.

Our team joint with partners placed 2nd in the most respected smart contract security audit competition
— Paradigm CTF 2022.
Security audit of the Yearn Finance no-hedge joint strategy helped to ensure the validity of the yield farming strategy logic and the security of the implementation.
Security audit of the GIVEth smart contracts led to discovery of a critical vulnerability in another protocol andremediation of the associated risk.
We did a review of the Compound v3 issues and past audits and created a custom Semgrep SAST rulepack which was integrated in the GitHub DevSecOps pipeline of the Comet protocol
We did numerous audits of various products of the 1inch DEX aggregator and their updates including the Aggregation protocol, token plugins, and the innovative Fusion mode
Security audit of the Yearn Finance no-hedge joint strategy helped to ensure the validity of the yield farming strategy logic and the security of the implementation
We did code review and penetration testing of various components of complex staking infrastructure and found interesting issues
We did a review of the Gearbox governance smart contract as part of the V3 implementation
Security audit of the GIVEth smart contracts led to discovery of a critical vulnerability in another protocol and remediation of the associated risk

Competitions

We are passionate competitive hackers and won toughest CTF (Capture The Flag) competitions — olympic games of smart contract auditors

Our team joint with partners placed 2nd in the most respected smart contract security audit competition
— Paradigm CTF 2022.
Security audit of the Yearn Finance no-hedge joint strategy helped to ensure the validity of the yield farming strategy logic and the security of the implementation.
Security audit of the GIVEth smart contracts led to discovery of a critical vulnerability in another protocol andremediation of the associated risk.
Our team joint with partners placed 2nd in on of the most respected smart contract security audit competition — Paradigm CTF 2022
Decurity overpassed all other audit company teams and won 2nd place in highly crowded OpenZeppelin CTF 2024

Partners

We partner with L1/L2 blockchains, development firms, other security companies, hedge funds, and other web3 projects

Our team joint with partners placed 2nd in the most respected smart contract security audit competition
— Paradigm CTF 2022.
Security audit of the Yearn Finance no-hedge joint strategy helped to ensure the validity of the yield farming strategy logic and the security of the implementation.
Security audit of the GIVEth smart contracts led to discovery of a critical vulnerability in another protocol andremediation of the associated risk.
Scroll L2 onboarded Decurity as a trusted security auditor and is referring us to the emerging ecosystem projects since March 2024
Metis L2 listed Decurity as one of the recommended security auditors who offer a discount for the ecosystem projects since October 2023

tools

We contribute to the Web3 security by creating the tools that help to automate the security audit.

ABI Decompiler

Reverse Engineering tool that helps you toefficiently match the function selectors in the EVM bytecode to the function signatures.

view
Contract Diff

Smart diff tool that helps you tounderstand which code the protocol has been forked from and what exactly has been changed.

view
Semgrep Solidity Rules

Semgrep rules that will help you to find the typical vulnerable patterns in the smart contract code.

view

Why Decurity?

We are a team of veteran hackers who dived into the blockchain and smart contract security in the early days. Under our supervision, an audit is not just a filing of the checklist but rather a full-fledged research.

See our public reports on Github to learn more.

About Us

  • Multiple world CTF hacking champions

  • Top-50 hackers worldwide according to HackerOne

  • Discovered critical issues during most of engagements

  • Blockchain security experts with proven record since 2017

Our Customers

Contact Us