smart contracts

Doyensec is well positioned to conduct in-depth security auditing on blockchain technology and decentralized applications. On top of our broad defense expertise, we understand blockchain-specific threats, which allows us to realistically assess the vulnerabilities and recommend mitigations.
  • Ethereum, Solana and Algorand

    Doyensec specializes in Ethereum, Solana, and Algorand blockchains. We are used to finding bugs in code and have successfully applied our processes to web, desktop, and server applications for years. We are now adding blockchain to that list and have developed a standardized auditing methodology to cover smart contract code.

    Our crypto and Smart Contract audit engagements will begin with threat modeling in order to identify security vulnerabilities before code is deployed on decentralized platforms. In detail, our Smart Contract audits kick off with a static analysis of the code to map out all the entry points and clearly define the threat model and avenues of attack.

    Then, by combining static analysis with dynamic testing, we look for common vulnerabilities. Finally, deep analysis of business logic reveals very specific logic-based flaws which are typically custom to that platform. Along with well-known public security tools, we also use internally built tools and labs to find and clearly demonstrate the implementation and business logic flaws uncovered during our assessments.

Authorization

  • Function Default Visibility
  • Signature Replay Attacks
  • Unprotected Ether Withdrawal
  • Authorization through tx.origin

Smart Contract Flaws

  • Reentrancy
  • Insecure DELEGATECALL usage
  • Unexpected Ether balance
  • Weak Sources of Randomness
  • Unprotected SELFDESTRUCT Instruction
  • Integer Overflow and Underflow
  • Miscellaneous Logic Flaws

Business Logic

  • Rounding Errors
  • Incorrect Calculations

Environment Attacks

  • Front-Running
  • Flash Loan Attacks

Coding Best Practices

  • Redundant Checks
  • Dead Code
  • No Zero-Address Checks

our research articles

Research is one of our founding principles and we invest in it heavily. All of our researchers have the privilege to use 25% of their time exclusively for self-directed research.
