Security audits for distributed systems

OpenZeppelin verifies that your distributed systems work as intended by performing an audit. Our engineers fully review your system’s architecture and codebase, and then write a thorough report that includes actionable feedback for every issue found.

CONTACT

You specify an audit-ready code commit through the email below

QUOTE

You get a quote and timeline

AUDIT

We start the audit

REPORT

We privately send the report to your team

FIXES

Your team fixes the issues

PUBLISH

We examine your fixes, update and publish the report (optional)

Request an Audit

Our most popular Audit Reports

See All Audit Reports

FAQs

What will I find in the audit report?

The report outlines potential problems in the code with actionable recommendations to guard against potential attack vectors, together with a general analysis of the system dynamics, reflecting both state-of-the-art security patterns and opportunities for improvement regarding the project's overall quality and maturity.
Is the report private?

Yes. We privately send the report to your team so they can address the issues we found. Publishing the report after your team fixes the issues is optional but strongly recommended as a way to contribute to the ecosystem’s security. We can work with you on a disclosure strategy.
Which technologies do you work with?

We have expertise across the whole stack: from languages and compilers to smart contract systems, protocols, and applications. Our audit portfolio spans distributed payment networks, financial structures, and governance systems.
How do I know when I'm ready for an external audit?

We have audited systems in different stages of development and production, but we have found that the best outcomes, and most interesting findings happen when the code has been tested and documented and is ready for deployment. This checklist lists a few basic quality measures that you should consider before you hand your next project over for an external audit.

FAQs

What will I find in the audit report?

The report outlines potential problems in the code with actionable recommendations to guard against potential attack vectors, together with a general analysis of the system dynamics, reflecting both state-of-the-art security patterns and opportunities for improvement regarding the project's overall quality and maturity.
Is the report private?

Yes. We privately send the report to your team so they can address the issues we found. Publishing the report after your team fixes the issues is optional but strongly recommended as a way to contribute to the ecosystem’s security. We can work with you on a disclosure strategy.
Which technologies do you work with?

We have expertise across the whole stack: from languages and compilers to smart contract systems, protocols, and applications. Our audit portfolio spans distributed payment networks, financial structures, and governance systems.
How do I know when I'm ready for an external audit?

We have audited systems in different stages of development and production, but we have found that the best outcomes, and most interesting findings happen when the code has been tested and documented and is ready for deployment. This checklist lists a few basic quality measures that you should consider before you hand your next project over for an external audit.