Please book smart contract audits by filling out this form
Feel free to schedule a meeting
https://calendly.com/crypto-jeff/30min
and please fill out this Google form
https://forms.gle/qaAm88y9ieTiXw1Q6
Web3: land of opportunity and risk
The field of web3 holds great promise, providing numerous opportunities for users to reclaim ownership of their assets and data. However, it is imperative to address the security challenges that come with it. We have seen several high-profile hacks that have impacted the web3 ecosystem, including the Robinhood bridge hack, which resulted in a loss of $6 billion, the Wormhole cross-chain bridge hack, which cost $3 billion, and various other security breaches that have forced protocol shutdowns. These hacks not only render crypto projects financially incapable of operating, but they also severely damage user trust in the system.
To illustrate the significance of the security risks, this year, Euler Finance, a lending protocol, suffered a $200 million hack and is still struggling to recover the lost funds. These incidents underscore the need for robust security measures in web3. The potential financial losses and damage to user trust from these security breaches cannot be overstated. Therefore, it is crucial to engage the services of experienced professionals, who can secure your smart contract and prevent such incidents from occurring.
Auditing
By taking a proactive approach to security, you can establish a strong foundation for your web3 project and ensure its long-term success. Sparkware Auditing is a group of blockchain security researchers and smart contract auditors whose expertise has been tested in securing some of the largest web3 protocols, such as The Graph and the Optimism Layer 2 blockchain. Sparkware Auditing is a group of respected security researchers led by Jeff, a white-hat hacker in Immunefi, as well as a senior auditor in Sherlock, an auditing and DeFi insurance platform. The auditing services use a bug bounty-based model, which means you only pay for bugs that are found, not the time it takes to find them. This approach incentivizes auditors to find as many bugs as possible, ensuring that the code is secure before it goes live.
Introduction:
Sparkware smart contract security auditing offers a unique approach to projects that differs from traditional methods. The price is charged based on the number of bugs found in the codebase, rather than an hourly or fixed rate. This means that clients only pay for the results they receive and not for the time it takes me to find them. In this document, I will outline my process for determining pricing and my payment policies.
Pricing:
DMs for inquiries are also welcome! We can customize our pricing model for clients depending on the codebase complexity!
We also support a subscription model.
We also offer a free threat model analysis consulting service prior to the formal audit.
About us:
Sparkware Auditing provides a unique and effective approach to auditing services. By charging based on the number of bugs found, my clients only pay for the results they receive, and my bug classification system ensures that issues are addressed in order of severity. My payment policies are fair and transparent, ensuring that clients receive the best value for their investment. I have audited some of the big protocols in the space, such as The Graph protocol and Optimism. My mission is to secure smart contracts and eliminate bugs before they hit production.
Contact us today to learn more about my services and to schedule an audit of your system.
Book a private audit by filling out this form https://forms.gle/qaAm88y9ieTiXw1Q6
or reach out to ladboy233 on Twitter
or ladboy233#0859 on Discord. My DMs are open!
Public bounty and audit report
- Immunefi Bounty Profile
- Thruster Swap Audit - largest DEX on Blast
- Optimism Fault Dispute Game Audit (via Spearbit) - L2 blockchain over 600M+ TVL
- Init Capital Audit (via Trust Security) - Lending Protocol over 100M+ TVL
- Arcadia Finance Audit (via Trust Security) - Lending Protocol 1.7M+ TVL
Public Audit Contest Portfolio
Here is the updated table with the contest results:
Contest | Date | Keywords | Rank | Report |
---|---|---|---|---|
Chainlink | July 2024 | Bridge, Cross-chain | 7 | Link |
Taiko | March 2024 | L1 / L2, Infra | 6 | Link |
Init Capital | January 2024 | Defi Lending | 2 | Link |
Superform | December 2023 | Bridge, yield vault | 1 | Link |
Particle Leverage AMM | December 2023 | Leverage Trading | 3 | Link |
Init Capital | December 2023 | Lending | 3 | Link |
Beta finance | November 2023 | Lending | 1 | Link |
Brahma | October 2023 | Wallet | 3 | Link |
Delegate | September 2023 | NFT | 1 | Link |
Canto veRWA | August 2023 | Defi, RWA | 1 | Link |
[Confidential] | August 2023 | Independent Project | N/A | N/A |
Arcade | July 2023 | Governance, NFT | 3 | Link |
Bond option | July 2023 | Option Trading | 1 | Link |
Dinari | July 2023 | Defi, Stock Trading | 1 | Link |
Base | June 2023 | Bridge | 2 | Link |
Confidential | April 2023 | Immunefi | N/A | Link |
Notional V3 | March 2023 | Lending | 4th | Link |
Optimism bedrock fix | March 2023 | Bridge | 4th | Link |
Optimism bedrock | February 2023 | Bridge | 12th | Link |
OpenQ | February 2023 | Decentralized Bounty | 5th | Link |
Ajna | January 2023 | Lending | 5th | Link |
UXD Protocol | January 2023 | Bridge, Defi | 3rd | Link |
Numoen | January 2023 | Defi | 3rd | Link |
Lyra finance | December 2022 | Perpetual Trading | 4th | Link |
GoGo Pool | December 2022 | Liquid Staking | 3rd | Link |
Dodo finance | November 2022 | AMM, Trading | 1st | Link |
Sense finance | November 2022 | yield | 2nd | Link |
Holograph | October 2022 | Bridge, Defi | 5th | Link |
Mycelium | October 2022 | Defi | 1st | Link |
Notional Finance | October 2022 | Lending | 4th | Link |
Graph Protocol L2 Bridge | October 2022 | Bridge | 2nd | Link |
Confidential | September 2022 | Immunefi | N/A | Link |
Security review process guide
Questions to project
- What is the clear scope (`.sol` files) of the security review?
- Does the project have well-written specifications & code documentation?
- What is the code coverage percentage?
- Are there any protocols that are similar to yours, which are they?
- Have you had any audits so far, are you planning to do other audits/security programs as well?
- Which chain will the protocol be deployed on?
- What kinds of tokens is the protocol expected to support?
- Is the admin role privilege considered trusted or restricted?
- Is the code/contract expected to comply with any EIPs?
Based on the answers we can discuss the effort needed, the payment amount, and the timeline.
Security review result & fixes review
After the agreed-upon time has passed, the project will receive the security review report. The project has 14 days to apply fixes for the issues found. Each issue should be fixed in a separate commit that has a message pointing to the issue being fixed. Then, a single iteration of a "fixes review" will be executed by me, free of additional charges, to verify your fixes are correct and secure.
Important notes for the fixes review
- for any questions or clarifications on the vulnerabilities/recommendations in the report, you can reach out to me on the intended channel of communication
- changes to be reviewed should not include anything else other than fixes for the reported issues, so no big refactorings, new features or architectural changes
- in the case that fixes are too difficult to implement or more than one iteration of reviews is needed then this is a special case that can be discussed independently of this review
Disclaimer
A smart contract security review can never verify the complete absence of vulnerabilities. This is a time-, resource- and expertise-bound effort where I try to find as many vulnerabilities as possible. I cannot guarantee 100% security after the review, or even that the review will find any problems with your smart contracts.