Smart Contract Audits

Smart contract audits, line by line.

Senior manual review across EVM, Solana, Rust, Cairo, and Sway, paired with custom invariants, Slither, mutation testing, and Krait. Reports public by default.

30+ protocols audited · senior auditors only · reports public by default

Request an intro call
Why this exists

Tools find patterns. People find bugs.

Static analyzers catch the issues that look like other issues. They miss the architectural mistakes, the broken invariants, and the protocol-specific bugs that actually cost money. We run the tools (all of them) and then we read the code, twice, with two senior auditors. The tooling is there to expand coverage, not to replace judgment.

Languages we audit

Five languages, one team.

Pick the language page for the full scope, tools, recent engagements, and FAQ specific to that ecosystem.

EVM

Solidity

Ethereum, Base, Arbitrum, Optimism, Polygon, BNB, and other EVM chains.

SVM

Solana

Anchor and native Solana programs. Account validation, CPI safety, and PDA logic.

Beyond Solana

Rust

Rust on Near and other non-Solana ecosystems. Cross-chain intent and bridge primitives.

Starknet

Cairo

Cairo audits on Starknet and Madara. Provable-execution semantics, storage layout.

Fuel

Sway

Sway audits on the Fuel network. UTXO model, predicate scripts, and asset handling.

Methodology

How we work.

Manual

Line-by-line review

Two senior auditors read every line in scope and pair on findings. No automated triage of the report.

Tooling

Slither, Aderyn, Foundry, Krait

Static analysis, custom Foundry invariants, mutation testing, and our internal Krait agent — applied alongside the manual pass.

Output

Public reports by default

Every report is published on zealynx.io with full findings, severity rationale, and recommendations. Private engagements available on request.

Recent engagements

Recent engagements.

Solidity · Ethereum

Lido Community Staking Module

Permissionless staking module review with deep focus on validator key flows, accounting, and the bond escrow mechanics.

Aug 2024 · Lido Finance

Solidity · Polygon

Dripster Leveraged Prediction Vault

Manual review of a 14-state leveraged vault with EIP-712 signature-gated state transitions on Polygon.

Apr 2026 · Dripster

Rust · Near

Sodax Cross-Chain Intent Protocol

Rust audit of a cross-chain intent protocol on Near, covering the matching engine and bridge integrity.

Nov 2025 · Sodax

How pricing works

Scoped to your codebase.

Audits are sized to your code, your stack, and your timeline. No fixed packages, no surprise add-ons. Talk to us for a scope and a quote.

Request an intro call
FAQ

Questions.

Solidity (every EVM chain), Solana (Anchor and native), Rust (Near and other non-Solana ecosystems), Cairo (Starknet, Madara), and Sway (Fuel). Pick the language page from the section above for the full scope on each.

Depends on scope and complexity. A typical audit runs 2 to 5 weeks of focused review by two senior auditors, plus a fix-verification pass. We give you a fixed scope and timeline before you commit.

By default, yes. Every audit gets published on zealynx.io with findings, severity, and recommendations. If your engagement requires confidentiality, we sign an NDA and keep the report private.

Yes. After you implement fixes, we re-review each finding to confirm the remediation is correct. Fix verification is included in the audit fee, not a separate engagement.

Yes — the Security Audit Subscription is a recurring engagement with weekly code review, a weekly call, and a direct line to your auditor. Built for protocols still being built, before they're ready for a full audit.

Manual review first, tools second. Read the full methodology page for our process, the tools we use at each phase, and how we structure the final report.

Audits are scoped to your codebase size, complexity, and timeline. No fixed packages, no surprise add-ons. Talk to us for a quote.

From our research

Go deeper.

Year in review

2025 exploit lessons: $3.4B in DeFi losses and what they revealed

The presentation-layer, supply-chain, and signature-handling failures that defined 2025's exploits.

Manifesto

The 2026 Solidity audit manifesto

What a serious smart contract audit looks like today, and what it doesn't.

Methodology

Defense in depth: our audit workflow

The layered process we run on every engagement, from scoping to fix verification.

Other services

Need something else?

Subscription

Security Audit Subscription

Ongoing weekly review during development, with a direct line to your auditor.

Bundle

Full-Stack Audit

Smart contract audit + off-chain pentest in parallel, with boundary risks reviewed jointly.

Off-chain

Application security

Standalone backend, frontend, and API pentest — for protocols already past the contracts.

Ready when you are

Ready for an audit?

If you have a codebase that's heading toward production, talk to us. We'll come back with a scope and a quote within 24 hours.

Request an intro call