Skip to content

Security audits for distributed systems

OpenZeppelin verifies that your distributed systems work as intended by performing an audit. Our engineers fully review your system’s architecture and codebase, and then write a thorough report that includes actionable feedback for every issue found.

CONTACT

You specify an audit-ready code commit through the email below

QUOTE

You get a quote and timeline

AUDIT

We start the audit

REPORT

We privately send the report to your team

FIXES

Your team fixes the issues

PUBLISH

We examine your fixes, update and publish the report (optional)

Request an Audit

Our most popular Audit Reports

forta
compound
uma across token
optimism
eth foundation
Audit Cover5
See All Audit Reports more

FAQs

  • What will I find in the audit report?

    The report outlines potential problems in the code with actionable recommendations to guard against potential attack vectors, together with a general analysis of the system dynamics, reflecting both state-of-the-art security patterns and opportunities for improvement regarding the project's overall quality and maturity.

  • Is the report private?

    Yes. We privately send the report to your team so they can address the issues we found. Publishing the report after your team fixes the issues is optional but strongly recommended as a way to contribute to the ecosystem’s security. We can work with you on a disclosure strategy.

  • Which technologies do you work with?

    We have expertise across the whole stack: from languages and compilers to smart contract systems, protocols, and applications. Our audit portfolio spans distributed payment networks, financial structures, and governance systems.

  • How do I know when I'm ready for an external audit?

    We have audited systems in different stages of development and production, but we have found that the best outcomes, and most interesting findings happen when the code has been tested and documented and is ready for deployment. This checklist lists a few basic quality measures that you should consider before you hand your next project over for an external audit.

FAQs

  • What will I find in the audit report?

    The report outlines potential problems in the code with actionable recommendations to guard against potential attack vectors, together with a general analysis of the system dynamics, reflecting both state-of-the-art security patterns and opportunities for improvement regarding the project's overall quality and maturity.

  • Is the report private?

    Yes. We privately send the report to your team so they can address the issues we found. Publishing the report after your team fixes the issues is optional but strongly recommended as a way to contribute to the ecosystem’s security. We can work with you on a disclosure strategy.

  • Which technologies do you work with?

    We have expertise across the whole stack: from languages and compilers to smart contract systems, protocols, and applications. Our audit portfolio spans distributed payment networks, financial structures, and governance systems.

  • How do I know when I'm ready for an external audit?

    We have audited systems in different stages of development and production, but we have found that the best outcomes, and most interesting findings happen when the code has been tested and documented and is ready for deployment. This checklist lists a few basic quality measures that you should consider before you hand your next project over for an external audit.

see openings

The world's leading projects work with OpenZeppelin

“OpenZeppelin's audit report was like Christmas morning for all the engineers. Our team is very pleased with the results.”
Tom_Kysar
Tom Kysar Product Manager at Augur
“I have a very high opinion of the OpenZeppelin team and their work.”
Brendan_Eich
Brendan Eich Founder of Mozilla and Brave, Javascript creator

Request a security audit

Work with the leading smart contract security audit team to secure your code