The OpenZeppelin Security Audit

Engaging with various platforms including AMMs like Bancor V3 and Balancer, the UniswapX order settlement protocol, the Beefy swap router, and the Panoptic options trading platform, which leverages Uniswap V3 liquidity positions, demonstrating our proficiency in V3 concentrated liquidity mathematics. Furthermore, we've completed over 13 audits for 1inch, the premier DEX aggregator.

Our security researchers have uncovered critical vulnerabilities across leading protocols with billions in TVL - including reward distribution flaws in Radiant Riz, potential bad debt creation in AAVE V3, and potential skipping of bad debt socialization in Morpho Blue. We specialize in securing lending protocols against core risks such as incorrect debt accounting, liquidation edge cases, and interest rate miscalculations to ensure protocol’s security at scale.

These include Chainlink and UMA Protocol, and Oracle-dependent components used by platforms like Compound and Synthetix Oracle manager, which utilize Pyth, Chainlink, and Uniswap V3 TWAP oracles. As UMA's primary security partner, we've conducted over 10 audits, revealing critical vulnerabilities in its optimistic verification system and cross-chain components. Additionally, we've identified high-severity issues in Polymarket's integration with UMA.

We worked with the Ethereum Foundation on three audits of Account Abstraction’s EIP-4337, identifying over seven high+ severity issues, enhancing Ethereum protocol’s security. Our discoveries encompassed deposit record manipulations, incorrect gas calculations, and invalid aggregated signature verifications, among others. We also audited Pimlico’s ERC20 token paymaster implementation, allowing users to pay transactions in any ERC20. During this audit, our researchers dived deep into the ERC 4337 paymaster reputation rules.

Back in 2018, we audited Tether, the most used stablecoin in the world. In 2019, our team found a live critical vulnerability affecting MakerDao, the issuer of DAI. Today, we are Origin’s main security partner, performing over 7 audits including the Origin dollar, a yield-bearing decentralized stablecoin. During our engagement with Origin, we added value through multiple findings, including critical findings that would have resulted in yield theft. We also secure Mountain Protocol, issuers of USDM, a yield-bearing rebasing stablecoin backed by T-Bills.

We partner with leading financial institutions across North America, Latin America, Europe, and Asia as their trusted blockchain advisors. We also audited and provided operational infrastructure for the issuance of the A$DC Australian Dollar stablecoin by the ANZ Bank.

Our work in NFTs encompasses audits for some of the most widely known issuers and exchanges, including Yuga Labs, creators of BAYC, and OpenSea.

In the gaming space, we are The Sandbox’s security partner, performing over 15 audits to their protocol. Other gaming experience includes Decentraland’s MANA token as well as the PoolTogether protocol, finding critical issues that prevented loss of funds due to user duplication in their prize pools.

We audit governance modules for industry leaders like Compound, Lido and Agora, identifying critical vulnerabilities to ensure proposals, voting, and execution mechanisms are secure. Our security researchers have identified 25+ issues in Lido’s Dual Governance and 27+ issues in Agora’s module-based voting, votable supply, and proposal validation. We’ve been a long-standing security partner for Compound, performing over 70 audits to enhance their security infrastructure and protect substantial on-chain assets.