When launching a DeFi project, the project team should treat security as one of its key priorities, because it directly affects the project's long-term success. We have seen a number of projects that were very successful at the start but suffered large reputational and financial losses because they lacked a proper approach to security; the Poly Network and Cream Finance hacks are two examples.
The most straightforward way to build a secure DeFi project is to have its code security-audited. Besides making your project better protected against attacks, a security audit brings reputational gains in the eyes of users and investors, especially if you hire a tier-1 auditor for the job.
What you get with a good security auditor for a DeFi project is:
- thorough verification of your entire code,
- full testing of your code,
- a preliminary report with recommendations for fixes, and
- a final report that assesses your project's security and verifies that the recommended bug fixes were applied.
The so-called tier-1 auditors are the most reputable; they care a great deal about their reputation and typically provide the best service in their niche. Their prices are higher than others', but their audits, beyond the overall quality of the work, typically make projects look more appealing to investors.
Top 7 smart contract auditors out there
Certik is one of the most reputable smart contract auditors and has saved its clients $6.32 billion worth of funds. Certik also runs an on-chain analytics service for Binance Smart Chain and Ethereum called SkyTrace, which lets users see suspicious liquidity flows through Ethereum and BSC wallets. Certik is a security partner of centralized exchanges such as Binance, OKEx and Huobi, and works with partners such as Binance Labs, Lightspeed, Matrix Partners and DHVC.
Certik charges very high prices for its audits because of its popularity and workload. Still, over $40 million has been drained from Arbix Finance and Spartan Protocol, both of which had been audited by Certik, which shows that an audit reduces risk but does not eliminate it. Also, because of this auditor's high workload, you might receive a preliminary report that lacks some important details and recommendations on bug fixes.
PeckShield is renowned for the high quality of its audit reports; it also conducts penetration tests and offers an AML service for digital assets in its suite of services. It owns two independent DeFi security brands, DAppTotal and CoinHolmes. TRON, Harmony and Aave are among its clients.
They conduct their own research on smart contract security and publish reports on their blog. For instance, they discovered the Batch Overflow vulnerability in Ethereum smart contracts, and they are ranked in the top 3 of the Ethereum Bounty Program. But their prices can be prohibitively high, as they charge $12,000 per person-week.
HashEx is a DeFi security company that has audited over 1,000 projects, saving its clients more than $2.5 billion in funds. The company specializes in auditing smart contracts written in Solidity and deployed on EVM-compatible blockchains. It also provides development services for building blockchain protocols, centralized marketplaces and launchpads for projects.
HashEx also offers a suite of services called CryptEx that provides solutions for liquidity locking, team vesting and token creation. Their audit prices start from $3,500. Because of the high demand for audits, it might take them longer on average to complete an audit than some other security audit firms. If needed, you can order a rush audit, which costs more but takes less time.
Paladin has gained a reputation for providing thorough smart contract audit reports. Paladin's main distinctive feature is that its team checks the code manually, line by line, and flags all redundant code for removal. It also audits non-EVM blockchains and has Avalanche, RugDoc and ApeSwap among its partners.
Even though it is a young firm, it is already known for the quality of its audits and may have a long queue of projects, so audits conducted by Paladin might take longer to complete. The price of their audits is also high, starting from $8,000.
Hacken provides security audits for smart contracts deployed on Ethereum, TRON, EOS, Binance Smart Chain and other blockchains. They also provide penetration testing and security assessment services and have about 300 audited projects in their portfolio.
They are very popular in the DeFi market and have a long waiting list of projects, which is why a security audit with this provider might take more time than with some others. Their audit prices are also high, starting from $11,000 at times of peak workload.
The more than 1,000 projects audited by Solidity Finance hold over $10 billion in on-chain liquidity. They perform security audits for many types of blockchain-based projects, including decentralized finance protocols, NFT marketplaces, metaverses and cryptocurrency gambling games. They audit smart contracts deployed on Ethereum and TRON.
Their audit prices start from $9,000, payable in USDC or USDT. $30 million has been stolen from one of the projects audited by Solidity Finance.
0xGuard is a young auditor outside the tier-1 group but is nonetheless another quality firm, specializing in audits of smart contracts written in Rust and Solidity and of contracts deployed on the Solana and Near blockchains. It has a good record, with no hacks of its clients' projects on record.
Its audit prices start from $900, but its prices for large projects are comparable to those of tier-1 auditors.
How to choose a smart contract auditor?
If you want to choose a good smart contract auditor to keep your funds safe, you need to weigh three parameters: the auditor's reputation, its track record and its price. Going for a tier-1 auditor can be the safest option, but their audits can take extra time because of long waiting lists. Thus, if you need an audit done fast, you might have to overpay considerably with a tier-1 auditor. Alternatively, you can opt for a lower-ranked auditor with a solid reputation and a good audit record and save both time and money.