We relentlessly detect complex vulnerabilities before they become your problem
HELPING TO SECURE
OUR SERVICES
we conduct a comprehensive review of your smart contract architecture, covering all logic flows and edge cases. we detect critical vulnerabilities others might miss. you'll receive a detailed audit report, along with expert guidance to implement fixes and optimize your contract
whether you're developing a new concept or refining an existing architecture, our team delivers strategic, actionable insights aligned with your goals. we assess your design, identify potential vulnerabilities, and help you build a clear, effective, and secure product
we build advanced static analysis, deep learning, and llm-powered tools to detect vulnerabilities in smart contracts. our approach have uncovered critical flaws in contracts from top defi projects
WORKFLOW
Protocol analysis
Modular breakdown
we stay until the job is done
Deep code assessment
Attack vector exploration
Weekly reports
Internal cross review
Reaudit & verification
Comprehensive final report
Protocol analysis
Modular breakdown
Deep code assessment
Attack vector exploration
Weekly reports
Internal cross review
Reaudit & verification
Comprehensive final report
ABOUT US
We are a small team of highly efficient researchers with a proven track record of securing projects.
You can expect complete coverage, advanced attack research, and good vibes along the way.
We specialise in:
> thorough audits
> sophisticated analysis tools
> security consulting
OUR UNIQUE TOOLS
our static analysis tool enhances audits with automated security checks. it parses solidity code into a custom intermediate representation (ir) that captures the contract's structure and semantics. a pattern-based analysis engine then scans the ir against a comprehensive and continuously updated library of known vulnerabilities.
...
function swapTokensForEth(uint256 tokenIn) external {
require(token.transferFrom(msg.sender, address(this), tokenIn), "Transfer failed");
uint256 ethOut = getAmountOut(tokenIn, tokenReserve, ethReserve);
require(ethOut > 0, "Zero output");
(bool ok, ) = msg.sender.call{value: ethOut}("");
require(ok, "ETH transfer failed");
tokenReserve += tokenIn;
ethReserve -= ethOut;
}
...Items found:
High risk: 3
Medium risk: 2
Low risk: 4
on top of our existing tooling, we leverage the power of llms for various tasks: crawling the entire codebase, breaking it into logical components, and identifying potential vulnerabilities. the model then researches each vulnerability's impact, performs a review, and generates a detailed report based on confirmed findings.
REVIEWS
“Unvariant has been an invaluable partner for our Spell reviews. They work fast and dig deeper than most of the other teams I’ve seen”
“Thanks for reviewing everything in such detail - seing infos and mediums about the tiniest things proves that you`re checking it all”
After reviewing a bug we found: “Fascinating. I haven`t seen an attack like this before.”
Fill out the form and we'll get back to you!
REQUEST AN AUDIT
Tell us about your project and we will get back to you shortly.
