Awesome

Please book smart contract audits by filling out this form

Feel free to schedule a meeting

https://calendly.com/crypto-jeff/30min

and please fill out this Google form

https://forms.gle/qaAm88y9ieTiXw1Q6

Web3: land of opportunity and risk

The field of web3 holds great promise, providing numerous opportunities for users to reclaim ownership of their assets and data. However, it is imperative to address the security challenges that come with it. We have seen several high-profile hacks that have impacted the web3 ecosystem, including the Robinhood bridge hack, which resulted in a loss of $6 billion, the Wormhole cross-chain bridge hack, which cost $3 billion, and various other security breaches that have forced protocol shutdowns. These hacks not only render crypto projects financially incapable of operating, but they also severely damage user trust in the system.

To illustrate the significance of the security risks, this year, Euler Finance, a lending protocol, suffered a $200 million hack and is still struggling to recover the lost funds. These incidents underscore the need for robust security measures in web3. The potential financial losses and damage to user trust from these security breaches cannot be overstated. Therefore, it is crucial to engage the services of experienced professionals, who can secure your smart contract and prevent such incidents from occurring.

Auditing

By taking a proactive approach to security, you can establish a strong foundation for your web3 project and ensure its long-term success. Sparkware Auditing is a group of blockchain security researchers and smart contract auditors whose expertise has been tested in securing some of the largest web3 protocols, such as The Graph and the Optimism Layer 2 blockchain. Sparkware Auditing is a group of respected security researchers led by Jeff, a white-hat hacker in Immunefi, as well as a senior auditor in Sherlock, an auditing and DeFi insurance platform. The auditing services use a bug bounty-based model, which means you only pay for bugs that are found, not the time it takes to find them. This approach incentivizes auditors to find as many bugs as possible, ensuring that the code is secure before it goes live.

Introduction:

Sparkware smart contract security auditing offers a unique approach to projects that differs from traditional methods. The price is charged based on the number of bugs found in the codebase, rather than an hourly or fixed rate. This means that clients only pay for the results they receive and not for the time it takes me to find them. In this document, I will outline my process for determining pricing and my payment policies.

Pricing:

DMs for inquiries are also welcome! We can customize our pricing model for clients depending on the codebase complexity!

We also support a subscription model.

We also offer a free threat model analysis consulting service prior to the formal audit.

About us:

Sparkware Auditing provides a unique and effective approach to auditing services. By charging based on the number of bugs found, my clients only pay for the results they receive, and my bug classification system ensures that issues are addressed in order of severity. My payment policies are fair and transparent, ensuring that clients receive the best value for their investment. I have audited some of the big protocols in the space, such as The Graph protocol and Optimism. My mission is to secure smart contracts and eliminate bugs before they hit production.

Contact us today to learn more about my services and to schedule an audit of your system.

Book a private audit by filling out this form https://forms.gle/qaAm88y9ieTiXw1Q6

or reach out to ladboy233 on Twitter

or ladboy233#0859 on Discord, my DMs are open!

Public bounty and audit report

Public Audit Contest Portfolio

Here is the updated table with the contest results:

| Contest | Date | Keywords | Rank | Report |
|---|---|---|---|---|
| Chainlink | July 2024 | Bridge, Cross-chain | 7 | Link |
| Taiko | March 2024 | L1 / L2, Infra | 6 | Link |
| Init Capital | January 2024 | Defi Lending | 2 | Link |
| Superform | December 2023 | Bridge, yield vault | 1 | Link |
| Particle Leverage AMM | December 2023 | Leverage Trading | 3 | Link |
| Init Capital | December 2023 | Lending | 3 | Link |
| Beta finance | November 2023 | Lending | 1 | Link |
| Brahma | October 2023 | Wallet | 3 | Link |
| Delegate | September 2023 | NFT | 1 | Link |
| Canto veRWA | August 2023 | Defi, RWA | 1 | Link |
| [Confidential] | August 2023 | Independent Project | N/A | NA |
| Arcade | July 2023 | Governance, NFT | 3 | Link |
| Bond option | July 2023 | Option Trading | 1 | Link |
| Dinari | July 2023 | Defi, Stock Trading | 1 | Link |
| Base | June 2023 | Bridge | 2 | Link |
| Confidential | April 2023 | Immunefi | N/A | Link |
| Notional V3 | March 2023 | Lending | 4th | Link |
| Optimism bedrock fix | March 2023 | Bridge | 4th | Link |
| Optimism bedrock | February 2023 | Bridge | 12th | Link |
| OpenQ | February 2023 | Decentralized Bounty | 5th | Link |
| Ajna | January 2023 | Lending | 5th | Link |
| UXD Protocol | January 2023 | Bridge, Defi | 3rd | Link |
| Numoen | January 2023 | Defi | 3rd | Link |
| Lyra finance | December 2022 | Perpetual Trading | 4th | Link |
| GoGo Pool | December 2022 | Liquid Staking | 3rd | Link |
| Dodo finance | November 2022 | AMM, Trading | 1st | Link |
| Sense finance | November 2022 | yield | 2nd | Link |
| Holograph | October 2022 | Bridge, Defi | 5th | Link |
| Mycelium | October 2022 | Defi | 1st | Link |
| Notional Finance | October 2022 | Lending | 4th | Link |
| Graph Protocol L2 Bridge | October 2022 | Bridge | 2nd | Link |
| Confidential | September 2022 | Immunefi | N/A | Link |

Security review process guide

Questions to project

  1. What is the clear scope (.sol files) of the security review?
  2. Does the project have well-written specifications and code documentation?
  3. What is the code coverage percentage?
  4. Are there any protocols that are similar to yours? Which are they?
  5. Have you had any audits so far? Are you planning to do other audits/security programs as well?
  6. Which chain will the protocol be deployed on?
  7. What kind of token is the protocol expected to support?
  8. Is the admin role privilege considered trusted or restricted?
  9. Is the code/contract expected to comply with any EIPs?

Based on the answers we can discuss the effort needed, the payment amount, and the timeline.

Security review result & fixes review

After the agreed-upon time has passed, the project will receive the security review report. The project has 14 days to apply fixes for the issues found. Each issue should be fixed in a separate commit that has a message pointing to the issue being fixed. Then, a single iteration of a "fixes review" will be executed by me, free of additional charges, to verify your fixes are correct and secure.

Important notes for the fixes review

Disclaimer

A smart contract security review can never verify the complete absence of vulnerabilities. This is a time-, resource- and expertise-bound effort in which I try to find as many vulnerabilities as possible. I cannot guarantee 100% security after the review, or even that the review will find any problems with your smart contracts.