Security audits for distributed systems
OpenZeppelin verifies that your distributed systems work as intended by performing an audit. Our engineers fully review your system’s architecture and codebase, and then write a thorough report that includes actionable feedback for every issue found.
You specify an audit-ready code commit through the email below
You get a quote and timeline
We start the audit
We privately send the report to your team
Your team fixes the issues
We examine your fixes, update and publish the report (optional)
Our most popular Audit ReportsSEE ALL AUDIT REPORTS
What will I find in the audit report?
The report outlines potential problems in the code with actionable recommendations to guard against potential attack vectors, together with a general analysis of the system dynamics, reflecting both state-of-the-art security patterns and opportunities for improvement regarding the project's overall quality and maturity.
Is the report private?
Yes. We privately send the report to your team so they can address the issues we found. Publishing the report after your team fixes the issues is optional but strongly recommended as a way to contribute to the ecosystem’s security. We can work with you on a disclosure strategy.
Which technologies do you work with?
We have expertise across the whole stack: from languages and compilers to smart contract systems, protocols, and applications. Our audit portfolio spans distributed payment networks, financial structures, and governance systems.
How do I know when I'm ready for an external audit?
We have audited systems in different stages of development and production, but we have found that the best outcomes, and most interesting findings happen when the code has been tested and documented and is ready for deployment. This checklist lists a few basic quality measures that you should consider before you hand your next project over for an external audit.