Lido on Ethereum: Form Audits Committee

Dear Lido Audits Committee,

I wanted to introduce you to our auditing services.

Home to some of the best smart contract security researchers in the market and one of the strongest Developer Relations teams in the industry - Cyfrin professionals come from backgrounds at Chainlink, Alchemy, Google, Apple, Meta and other industry-leading organisations.

Cyfrin contributes to Web3 security by providing auditing services, open-source developer tooling and free education.

Security Problem

According to the REKT Database, as of July 2024, total losses in the DeFi sector exceeded $80 billion. In 2022 alone, DeFi experienced hacks resulting in over $3.8 billion in losses. In 2023, although funds stolen decreased to $1.7 billion, the number of individual hacking incidents actually grew from 219 in 2022 to 231 in 2023.

This is a security problem, a best practices problem, and a branding problem—rightfully keeping institutions and users away from a world-changing technology. Failing to address this issue undermines the very efforts to bring Web3 into the mainstream.

Introduction to Cyfrin

Laser-focused on Web3 security, Cyfrin is a market leader in smart contract audits. We have effectively conducted audits for some of the largest protocols, securing over $20B in TVL. We have gone one step further by building a competitive audit platform, CodeHawks, to bolster web3 security further.

In addition to providing private and competitive security audits, we provide open-source tooling and services for the entire community with Solodit and Aderyn.

At Cyfrin, we’ve taken on the enormous task of embedding security at every section of the web3 stack. More than a blockchain security research firm, Cyfrin is a web3 security powerhouse solving crypto’s most fundamental issues: security, education, and developer experience.

  • We have some of the industry’s best security researchers. We offer private and competitive audits and facilitate multi-phase audits, offering a modular mixture of both types based on the need to increase the protocol’s protection.

  • We offer in-depth educational content through Cyfrin Updraft to onboard developers into Web3 and teach them how to build on it securely.

  • We have created the most watched smart contract security/developer educational content on earth, taught by our co-founder, Patrick Collins.

  • We have developed open-source tools to give researchers greater information access and provide developers with a safer building experience.

    • Solodit: Aggregates bounties and security findings from the world’s top Smart Contract auditing companies and solo auditors, helping update the industry on the latest Smart Contract threats, bounties, and competitions.
    • Aderyn: Built using Rust, Aderyn integrates seamlessly into small and enterprise-level development workflows. It offers lightning-fast command-line static analysis functionality and a framework for building custom detectors that adapt to any Solidity codebase.

Cyfrin Private Audits

Cyfrin employs a rigorous audit process in which our security researchers thoroughly review smart contracts or protocol codebases to identify, report, and mitigate critical vulnerabilities that could disrupt protocol services. We minimize redundancies and optimize outcomes by integrating end-to-end security solutions with cutting-edge smart contract audits and expert researchers.

Our private audit service is tailored to meet the needs of both upcoming and established protocols. Our security research team collaborates closely with the protocol team to detect weaknesses and provide in-depth guidance on industry best practices. Consistent communication ensures that teams can swiftly address any vulnerabilities unearthed, enabling them to begin developing solutions without delay.

CodeHawks Competitive Audits

Cyfrin’s CodeHawks offers competitive audits, a cost-effective, thorough, and industry-endorsed way to enhance protocol security.

Unlike a traditional private audit, competitive audits offer a community-driven approach to security. Hundreds of security researchers, nicknamed Hawks, review a smart contract or codebase and compete to identify vulnerabilities, inefficiencies, and potential issues. Those auditors who find the vulnerabilities are rewarded through a prize pool established before the competition starts.

CodeHawks v2

The CodeHawks team has been gathering feedback to better understand the features security researchers and protocols want, from how they use the platform to where enhancements should be made. This has led to improved processes (submissions, judging, appeals), usability, talent management, integrations, and more.

Today, CodeHawks has taken the next step in our journey and launched the next generation of competitive auditing platforms, CodeHawks v2.

What’s new in the updated CodeHawks platform?

Already one of the most intuitive, easiest-to-use competitive audit platforms, CodeHawks v2 represents a step change in usability with a complete platform refactor, a new suite of features, and better tools for protocols and auditors.

Protocols’ process for listing and managing competitions is faster, easier, and more comprehensive. A new dashboard and cleaner look level up the auditor experience. New rules have been introduced to improve the appeals process and community judging, making them more streamlined and fair.

Key Terms

  • Private audit: A team, usually consisting of 2-3 security researchers, spends weeks looking at a protocol’s codebase to find the most critical exploit vectors in the codebase, as well as perform architecture analysis, fuzz testing, improvement pull reviews, etc.
  • Public Competitive Audit: An audit where hundreds of security researchers review a codebase and compete for funds in a set reward pool based on the complexity of vulnerabilities found, their impact, and their uniqueness.
  • Private Competitive Audit: An invite-only audit where a protocol invites top-performing auditors to review their code and compete in a community-driven audit competition.
  • Multi-Phase Audit: A model crafted to maximize the quality of audits, a critical aspect in the Web3 space, by strategically incentivizing auditors and ensuring that the protocol codebase goes through at least two comprehensive auditing phases, Private & Competitive, enhancing the protocol’s ultimate security.

Contact Details

Telegram: Cyfrin_MScrine
Email: [email protected]
