Get All Answers Here

Blaize can provide a full audit of the following smart contracts:

• Solidity and Vyper contracts for any EVM blockchain;
• Rust-based contracts. For instance, NEAR, Solana, and Secret Network ecosystems; 
• Modules and pallets for Substrate chains from Polkadot ecosystem;
• Move contracts for Aptos and Sui blockchains and any Move compatible ecosystem; 
• Cairo contracts from StarkNet blockchain;
• Motoko contracts for the Dfinity ecosystem;
• any other smart contracts on other languages.

Absolutely! Blaize Security team has deep experience with various chains: EVM-compatible, like fork of Ethereum or Layer-2 blockchains, Bitcoin-family blockchains, Substrate chains from Polkadot ecosystem, Cosmos chains and other custom blockchain solutions.

Yes, Blaize Security knows how to handle a wide range of security assessments, covering dApps, backend systems, SDKs, custodial services, and exchanges. Our seasoned experts dive into the architecture and codebase of these components, ensuring they adhere to the highest security standards.

Our team thoroughly examines the entire ecosystem of the dApp, identifying potential vulnerabilities both in the smart contracts and the interfacing backend systems. We know the sensitive nature of custodial services, and the robust demands of exchanges – we provide comprehensive audits to identify vulnerabilities and recommend best-practice solutions. Our goal is to ensure robust security across all sides of your project.

Here’s a brief list of the most common reasons for smart contract hacks Blaize has dealt with:

• standard vulnerabilities like reentrancy, denial of service, or overflows;
• incorrect access control and roles systems; 
• incorrect math and rewards calculations, inappropriate token amounts
• handling, accuracy mistakes; 
• incorrect token transfer logic; 
• loopholes in the business logic; 
• architectural mistakes that lead to deadlocks or contract misuse.

To discover more about the topic, check out Blaize article about most common smart contract vulnerabilities.

Blaize.Security operates as an integral part of Blaize, specializing in comprehensive security audit and consulting services. This connection allows us to closely collaborate with Blaize’s Engineering Department, fostering a dynamic partnership that enhances innovation and ensures top-tier security. Our shared commitment to RnD enables us to succeed in creating secure products and protecting our clients, affirming our position as industry leaders in blockchain security solutions.

The information presented in the blockchain protocol audit reports is the intellectual property of our customers. For this reason, we always ask for the client’s permission to post the audit case on the Blaize website.

You can find our public audit reports right under the link: audits.blaize.tech. 

It contains all our public reports, including smart contract audit reports, examples of bridge security audits, SDK security audits and blockchain audits.

We break the smart contract audit into several stages: 

• security review by at least 2 auditors working separately; 
• business logic review and architectural scheme recreation;
• automatic tools analysis; 
• full unit tests coverage; 
• integration testing and specific user scenarios recreation; 
• fuzzy testing and mutation testing (on demand);
• formal verification (on demand).

Learn more details about the whole audit process in our blog.

Blaize Security specialists look through the materials and data collected from the client and prepare a quotation within 24 hours term.

We have dedicated time slots for each customer with a short waiting period of no longer than a week. So you can be sure that we’ll start to work on your project as soon as possible.

When considering an auditing team, you should pay attention to specific cases of the projects they audited in the past. This will allow you to see the number of audits they have worked on and estimate their experience. Besides, the size of the projects they audited before will help you understand whether the team is worth hiring since larger projects tend to attract more hackers. 

Next, you should take a closer look at their portfolio to see if the company has conducted any audits on your chain. Also, check what kind of methodology and approach the auditor chooses to see if it suits you. 

Finally, check several reports. A report of a reliable smart contract audit company should include a detailed description of all the issues that were found during the course of the investigation. Such a report must be well-structured, and understandable for most people.

Your security audit report, prepared by Blaize specialists, will include the following information:

• all security issues with the recommendation from auditors;
• best practices recommendations;
• clarifications for the unclear functionality;
• business logic review summary and contracts scheme; 
• a list of the performed tests;
• audit summary;
• used methodology.

Blaize offers a comprehensive range of security services, including smart contract auditing for various languages like Solidity, Vyper, and Rust, technical due diligence, core blockchain auditing, enterprise solution audits, and expert smart contract security consulting to enhance the integrity and reliability of blockchain projects. 

Beyond the primary audit, our commitment extends to post-audit support that encompasses secondary audits, code update reviews, security patch development, secure CI/CD pipeline construction, deployment assistance, post-deployment assessments, active smart contract protection, and direct consultations from our seasoned Security Researchers.