The Composable Security 🛡️⛓️ is a small team with a holistic approach that goes beyond the code. A combination of expertize in Solidity smart contract security and experience gained through 6+ years securing global fintechs and Polish banks help comprehensively take care of DApp security. Learn more about us.
About our approach you can read here: https://composable-security.com/blog/how-we-do-smart-contract-audit/
- Creators of the first security standard for smart contracts Smart Contract Security Verification Standard.
- Our research was supported by Uniswap Foundation grant.
- Our articles are valued by projects like Morpho Blue, LayerZero.
- Speakers & mentors at EthCC, ETHGlobal London, Web3 Security Conference, EthereumZurich and more.
- Creators of the first Security Guide for DApps (100+ pages of free knowledge).
- First place during War Room Games Paris @ EthCC 2023 organized by Yearn, yAudit, and Tenderly.
- In the previous company, we developed an interactive video program for developers that trained 1,000+ developers.
- Smart contract security reviews/audits
- Threat modeling
- Threat analysis
- Security consultation
Let us help you [email protected]
Companies that have allowed us to speak about our work can be found here:
| Client | Service | Date | Report |
|---|---|---|---|
| Token Invest | Smart contract security review | October 2024 | - |
| RedStone | Smart contract security review and security consultation | October 2024 | - |
| Braintrust | Security consultation | August 2024 | 📄 |
| Arcade | Smart contract security review | July 2024 | 📄 |
| ZND | Smart contract security review | July 2024 | - |
| Empirica | Security consultation | July 2024 | - |
| Flexy | Smart contract security review | June 2024 | 📄 |
| Tident IT | Smart contract security review | June 2024 | - |
| ICEO | Security consultation | May 2024 | - |
| FIDL: Filecoin Incentive Design Labs | Smart contract security review | May 2024 | 📄 |
| Sharbi | Smart contract security review | March-April 2024 | - |
| Outline Investments | Security consultation | March 2024 | - |
| ChickenDAO | Security consultation | March 2024 | 📄 |
| Arcade | Smart contract security review | January-February 2024 | 📄 |
| Gasbot | Smart contract security review | January 2024 | 📄 |
| codefunded | Smart contract security review | November 2023 | 📄 |
| Uniswap Foundation | Security research on UniV4 Hooks | October-December 2023 | - |
| Research Portfolio | Smart contract security review | August-September 2023 | 📄 |
| evojam | Custom blockchain security review | May-June 2023 | - |
| VolMEX Finance | Smart contract security review | April 2023 | - |
| DIVA Protocol | Smart contract security review | March 2023 | 📄 |
| Milky Ice | Smart contract security review | January 2023 | 📄 |
| Outline Investments | Security consultation | December 2022 | - |
| Outline Investments | Security consultation | November 2022 | - |
| FujiDAO Labs OU | Smart contract security review | November 2022 | 📄 |
| FujiDAO Labs OU | Smart contract security review | October 2022 | - |
| W3 CPI, Inc. | Smart contract security review | September 2022 | - |
| Tellor Inc. | Smart contract security review | August 2022 | - |
Many more remain confidential.
- Outline Investment - The primary goal was to develop a systematic approach for evaluating the risks associated with stablecoin pools, which Outline Investment was considering for potential investment opportunities.
- Gasbot V2 - The main objective was verification of the security of smart contracts and identification of threats occurring at the edge of integration with web2 components.
- Research Portfolio - The main objective was verification of the security of smart contracts and identification of threats occurring at the edge of integration with web2 components.
When the project is interesting or we have free slot, we take part in contests.
| Project | H | M | Place | Description |
|---|---|---|---|---|
| Titles | 2 | 6 | 4th out of 201 participants | TITLES builds creative tools powered by artist-owned AI models. The underlying TITLES protocol enables the publishing of referential NFTs, including managing attribution and splitting payments with the creators of the attributed works. |
| Mento | 0 | 1 | 🥇1st out of 83 participants | Mento is a decentralized platform used to launch and operate multi-currency stable assets. Today Mento supports 4 decentralized stable assets on the Celo blockchain: cUSD (Celo Dollar), cEUR (Celo Euro), cREAL (Celo Real) and eXOF (CFA Franc), with more coming soon. |
| Tapioca | 4 | 0 | 7th out of 123 participants | The Omnichain Money Market & Unstoppable OmniDollar, Powered by LayerZero. |
| Rio Network | 2 | 1 | 7th out of 248 participants | The liquid restaking network. |
- Best ways to secure your X account
- Uniswap V4: Bad hook with broken access control
- Uniswap V4: Further research to improve hooks security
- Protect your account: SIM swap hack
- Uniswap V4: Oracle hook with malicious owner
- Uniswap V4: Liquidity Theft via Hook Fee
- Uniswap V4: Re-Initialization Leading to Funds Locked
- Threats for Uniswap V4 hooks
- How to choose the best smart contract auditing firm?
- INSIDER! Impersonating others on GitHub
- Secure integration with LayerZero
- White hack policy
- Uniswap V4 - threat modeling for secure integration
- Account Abstraction - a tale on the evolution of wallets
- The Role of Access Control in Solidity Smart Contracts
- Understanding the Tornado Cash Governance Attack
- 6 security sins of Web3 bridges
- Key threat based cross-checks
- How we do smart contract audit
- Shapella, EIP-4895, and challenges faced by staking protocols
- DeFi price oracles - all you should know about a TWAP
- WOW! ChatGPT-driven threat modeling for smart contracts
- NFT Best Practices - build safe
- Threat Modeling for Smart Contracts: Best Step-by-Step Guide
- Smart contract audit - the best tips on how to be prepared better
- BNB Bridge hack ELI5 explained and visualised