Blaize Security Auditing Process

Our auditing strategy includes several stages of checks and deep dives to cover each platform's security from all sides.

  • 25+ Top-class Security Auditors
  • 230 Projects Secured
  • 35+ Blockchains and DLTs Mastered

At Blaize.Security, we are the cornerstone of Blaize's business ecosystem, specializing in providing exceptional security audit & consulting services. Our Web3 Security Department’s mission is to ensure top-tier security by closely collaborating with Blaize's Engineering Department. This dynamic partnership not only promotes innovation but also guarantees safety, perfectly aligning with Blaize's core values. Our combined R&D expertise ensures excellence in both product creation and client protection, establishing us as industry leaders committed to your security and well-being.

We prepare individual auditing strategies for each project with relevant tools, checklists, and approaches.

Blaize.Security auditors start the audit by developing an auditing strategy: an individual approach in which the team plans techniques and tools for the audited components. The strategy covers all features of the audited platform, from smart contracts, backend services, dApps, and custodial platforms to blockchain nodes.

We dive deep into the business logic of the protocol, dissect each component, and scan code line by line.

A dedicated team of Blaize Security specialists led by a Security Lead conducts each audit. The manual stage of the process includes system decomposition, business logic analysis, in-depth review of vulnerable areas, assessment of potential exploits, and adherence to security standards like OWASP and CCSSA (C4).

We do several rounds of testing: apply modern techniques, check edge cases, verify the logic, and explore integrations.

Every hypothesis, issue, and recommendation is tested. Our testing stage checks edge cases, verifies false positives, and assesses dependencies through comprehensive tests. Auditors manually test in local environments, review existing tests, and conduct additional unit testing, using advanced techniques like fuzz or mutation tests.

We prepare the audit report, with advice on security improvements, and consult the team until the last issue is resolved.

After consultations, verifications, and Customer feedback, a final report is prepared. This report details findings, verifications, Customer comments, business logic review, testing outcomes, and the audit's overall result and rating. The auditors provide ongoing consulting to the Customer until all issues are resolved or both sides are satisfied with them.

Each audit includes:

1. Manual code review

We prepare individual auditing strategies for each project with relevant tools, checklists, and approaches.

2. Static analysis by automated tools

The code is checked with a set of automated tools and scanners with mandatory interpretation of the results by auditors.

3. Business logic review

Through system decomposition, auditors check the consistency of the business logic and eliminate loopholes.

4. Fuzz and exploratory testing

Auditors perform fuzz, mutation, and other types of exploratory testing, including manual tests on the local environment.

5. Extensive integration testing

Auditors conduct an additional round of testing against defined edge cases and 3rd party integrations with end-to-end tests, fork tests and other tools.

6. Unit test coverage check

The team checks all the available tests and prepares a custom test suite to cover the whole formal logic with relevant tests.

7. Providing detailed report of detected issues

Auditors compile a detailed report with all the detected issues and recommendations on their elimination.

8. Verification of fixes

The team checks the codebase post audit to verify that all the necessary fixes were implemented.

9. Final audit report preparation & publishing

The team creates and publishes the final report that includes all issues, fixes, and a total security score.

Post-audit services

Our security support is not limited to the audit.
We also offer post-audit support for each of our Clients:

  • Secondary audits and audit packages for code updates
  • Security patches development
  • Secure CI/CD building
  • Deploy support and post-deploy assessment
  • Active protection for smart contracts
  • Consulting by our Security Researchers

Security is a pipeline, and Blaize Security makes sure you are protected at each stage.

Get in Touch

Your blockchain dreams deserve top-tier security. Let's secure them together with our team of certified blockchain security professionals.
Get consulting on WEB3 security from top-tier security researchers and auditors. Contact us, and let's fortify your decentralized future.