Security audits for distributed systems

OpenZeppelin verifies that your distributed systems work as intended by performing an audit. Our engineers fully review your system’s architecture and codebase, and then write a thorough report that includes actionable feedback for every issue found.


You specify an audit-ready code commit through the email below


You get a quote and timeline


We start the audit


We privately send the report to your team


Your team fixes the issues


We examine your fixes, update and publish the report (optional)

Our most popular audit reports



  • What will I find in the audit report?

    The report outlines potential problems in the code with actionable recommendations to guard against potential attack vectors, together with a general analysis of the system dynamics, reflecting both state-of-the-art security patterns and opportunities for improvement regarding the project's overall quality and maturity.

  • Is the report private?

    Yes. We privately send the report to your team so they can address the issues we found. Publishing the report after your team fixes the issues is optional but strongly recommended as a way to contribute to the ecosystem’s security. We can work with you on a disclosure strategy.

  • Which technologies do you work with?

    We have expertise across the whole stack: from languages and compilers to smart contract systems, protocols, and applications. Our audit portfolio spans distributed payment networks, financial structures, and governance systems.

  • How do I know when I'm ready for an external audit?

    We have audited systems in different stages of development and production, but we have found that the best outcomes, and most interesting findings happen when the code has been tested and documented and is ready for deployment. This checklist lists a few basic quality measures that you should consider before you hand your next project over for an external audit.

The world’s leading projects work with OpenZeppelin

“OpenZeppelin's audit report was like Christmas morning for all the engineers. Our team is very pleased with the results.”

Tom Kysar
Tom Kysar Product Manager at Augur

“I have a very high opinion of the OpenZeppelin team and their work.”

Brendan Eich
Brendan Eich Founder of Mozilla and Brave, Javascript creator

Secure your code from Day 1

Reduce barriers to entry by securely implementing blockchain-based technologies, using standard developer tools and platforms.

A library of modular, reusable, secure smart contracts for the Ethereum network, written in Solidity.

  • check Leverage standard, tested, and community-reviewed contracts.
  • check Most popular library in the industry.
  • check Learn from best practices adopted by the ecosystem.
  • check Reduce your attack surface by reusing audited code.

A suite of tools to help you develop, test, upgrade, and deploy smart contracts.

  • check Interactive commands to accelerate local development.
  • check Easy bug-fixing and quick iterations via smart contract upgrades.
  • check Seamless integration with OpenZeppelin Contracts.
  • check Multi-network support.
  • check Compatible with Truffle.

Bundles to kickstart your decentralized web application.

  • check Built upon the most popular React setup: create-react-app.
  • check Interactive tutorial to assist your first dapp.
  • check Ready-to-go scaffolding with Web3 connection.
  • check Leverage OpenZeppelin SDK and Contracts automatically.

Request a Security Audit

Our quotes and turnaround times vary according to the codebase's length and complexity. Send an email to including your project's website, links to your source code, and system documentation.