Cybersecurity / Smart Contract Audits

If you have any vendor recommendations or feedback on the vendors below, please feel free to send it via the Comment Box.

Reach out to franklin@panteracapital.com for an introduction.

Quantstamp (20% discount for Pantera companies)

Quantstamp is a Y Combinator-backed company building the standard in blockchain cybersecurity. Companies such as Binance, Maker, and Kakao trust Quantstamp to secure over $2B of digital asset value while also helping Fortune 100 companies implement their blockchain platforms.

Product Offering:

  • Smart Contract Auditing / Smart Contract Development
  • Formal Verification / Formal Proofs of Systems
  • Dapp Design and Architecture Review
  • Gas Analysis / Penetration Testing / Unit Tests

What's in an Audit:

  • A minimum of three auditors who will independently audit the blockchain systems. The audit team consists of security professionals who have reviewed code for Binance, OmiseGo, Ethereum, MakerDAO, Chainlink, Skale Labs, Metacartel, AirSwap, Rootstock, eToro, Sharespost, POA Network and NUO, among others.
  • 24-hour turnaround of audit scope and quote estimate once the repo is shared with Quantstamp. Their audit process can be found here.
  • A final certificate (such as this one) that includes detailed analysis and security certification. It provides security guarantees to stakeholders, users, and the community that the contracts have undergone rigorous security procedures. This can be either publicly or privately hosted according to your preference.
  • Unlimited re-audits until the contracts are deemed secure for this iteration of the code, for a three-week period after the issuance of the initial audit report.

For Pantera Portfolio Companies:

  • Immediate fast-tracking of auditing needs
  • At least 20% discount, depending on timing and bandwidth
  • Complimentary design and architecture consultation on the portfolio company's blockchain stack and systems

Trail of Bits
OpenZeppelin
Certik
DappHub
PwC (ChainSecurity)
Peckshield
Certora

Certora (www.certora.com) is developing tools for low-level code analysis in EVM and WASM. Certora’s technology explores all possible code paths and input values in order to identify bugs in smart contracts and prove their absence. Major DeFi projects including Aave, Celo, Compound Finance, and Opyn are already using Certora’s formal verification as part of their development process to find bugs early.

Certora offers the following services:

  1. Off-the-shelf ERC20 scan for standard correctness properties.
  2. Cloud-based verification with CI integration.
  3. Professional services for code review/auditing and writing formal correctness rules (subject to staff availability).

Please contact info@certora.com to learn more.

Synthetic Minds
Kudelski Security
SR Labs
Hashcloak
Zokyo
Chainsulting
Halborn (Terra ecosystem)
Cryptonics (Terra ecosystem)

Based on Pantera research (July 27, 2021):

Top smart contract auditors that projects like and are using:

Additional:

Twitter mentions:

Additional information:

  • Aave’s security + audits here (e.g. PeckShield, SigmaPrime, ConsenSys, Certik, MixBytes, OpenZeppelin)
  • OUSD’s audits here (e.g. Trail of Bits, Solidified, Certora)
  • Chainlink’s audit (e.g. Quantstamp, SigmaPrime, Callisto, Nick Johnson)
  • ABDK: recommended by Risk Harbor, and also used by zkSync and BitGo
  • Halborn, Least Authority, Hashcloak (smart contract, privacy, and cryptographic implementation audits) were recommended by a friend in the zk space
  • ReviewsDAO was recommended by another friend, who said it’s good for “independent guys”
Source: The Block Research