Solidity Audit

Solidity audits, end to end.

Senior manual review of your Solidity codebase across Ethereum and every major EVM chain. Foundry invariants, Slither, Aderyn, Krait — applied alongside two pairs of human eyes.

EVM · L1 · L2 · senior auditors only · reports public by default

Request an intro call
Why this exists

Solidity is mature. The bugs aren't.

Every year, the patterns that cause losses shift — from reentrancy to oracle manipulation, to signature handling, to upgrade misconfigurations, to cross-chain messaging trust failures. The language is stable; the threat model isn't. A serious Solidity audit covers what's breaking now, not just what broke in 2018.

Scope

What’s in the audit.

What we check

Common Solidity vulnerability classes

Reentrancy, access control, oracle manipulation, integer math, signature replay, upgrade safety, MEV, and protocol-specific invariants.

Tools

Slither, Foundry, Aderyn, Krait

Custom Foundry invariants for protocol-specific properties, Slither and Aderyn for pattern detection, mutation testing for coverage quality, and our Krait agent for second-pass scans.

EVM chains

Ethereum, L2s, and alt-EVMs

Mainnet, Base, Arbitrum, Optimism, Polygon, BNB, Avalanche, Linea, Scroll, Berachain, Monad, ApeChain — anywhere Solidity runs.

Recent engagements

Recent Solidity engagements.

Ethereum

Lido Community Staking Module

Permissionless staking module review with deep focus on validator key flows, accounting, and bond escrow mechanics.

Aug 2024 · Lido Finance

Polygon

Dripster Leveraged Prediction Vault

14-state leveraged vault with EIP-712 signature-gated state transitions and Polymarket integration.

Apr 2026 · Dripster

Ethereum

BadgerDAO Staked eBTC

Bitcoin-pegged staking vault audit, focused on accounting invariants and the deposit/withdraw flow.

Oct 2024 · BadgerDAO

How pricing works

Scoped to your codebase.

Solidity audits are sized to lines of code, complexity, integration surface, and timeline. No fixed packages. Talk to us for a scope and quote.

Request an intro call
FAQ

Questions.

Yes. UUPS, transparent proxies, beacon proxies, and diamond patterns. Storage layout, initialization, and upgrade authorization are first-class scope items.

Yes. We audit the contract once and verify deployment parity across chains — including chain-specific quirks like opcode differences, gas pricing models, and L1/L2 sequencer trust assumptions.

We review the integration: trust assumptions on the messenger, replay protection, message authentication, and what happens when the messenger pauses or behaves adversarially.

Yes. We write protocol-specific Foundry invariants targeting the properties that matter for your design (accounting balance, supply caps, role separation, etc.). Tests are delivered alongside the report.

Two to five weeks of focused review by two senior auditors, plus a fix-verification pass. Exact duration depends on code size, complexity, and your test coverage going in.

By default, yes. Every Solidity audit gets published on zealynx.io with findings, severity rationale, and recommendations. NDA arrangements available on request.

From our research

Go deeper.

Manifesto

The 2026 Solidity audit manifesto

What a serious Solidity audit looks like in 2026, and what doesn't pass for one anymore.

Vulnerability class

Reentrancy attacks: classic and modern variants

Cross-function, cross-contract, and read-only reentrancy, with the patterns we look for during a review.

Protocol class

AMM security foundations (Part 1)

The invariants that hold AMMs together, and how they break. Part of the AMM security series.

Other services

Need something else?

Parent

Smart contract audits

Back to the parent service — see all languages, methodology, and recent engagements across the board.

Subscription

Security Audit Subscription

Ongoing weekly Solidity review during development, before you're ready for a full audit.

Bundle

Full-Stack Audit

Solidity audit + off-chain pentest in parallel, with boundary risks reviewed jointly.

Ready when you are

Ready to audit?

Send us your repo and a target date. We’ll come back with a scope and a quote within 24 hours.

Request an intro call