Get the Estimated Cost of Audit Here
Syntegrity is the only auditing firm offering both solo and team audits with flexible pricing and niche-specific experts. (If you are a lending platform, only an auditor expert in lending products will audit your product; we don't believe in generalized auditors, especially for larger scopes.)
- Before manual audit each codebase is run through LightChaser Bot, cost for this is paid by Syntegrity and nothing is charged to end user. For 1 run light chaser costs $1000.
- Clients will get niche experts instead of generalized auditors.
- Founder lead solo and team audits on demand.
- Each auditor has a different level of skillset, so we mix and match to give the best possible combination at the best possible price.
For more information, visit Syntegrity
[Ready to secure your smart contract? Contact Syntegrity today on Telegram for a consultation!]
| Project | Website | Report | Security Rating |
|---|---|---|---|
| Juicebox | https://juicebox.money/ | Report | 8/10 |
| Dein Finance | https://dein.fi | Report | 7/10 |
| Mem Bridge (EVM to AO Bridge) | https://decent.land | Report | 7.5/10 |
| Mem Bridge (Solidity, JS, Lua) | https://decent.land | Report | 8.5/10 |
| Chad Finance | https://chadfinance.xyz | Report | 9.5/10 |
| Prophet Bots | https://prophetbots.io | Report | 7/10 |
| Seraph | https://www.seraph.game/#/main | Report | 10/10 |
| Zero Finance | https://zerog.finance/ | Report | 7.8/10 |
| Wirex | https://wirexapp.com/ | Report | N/A |
| Contest | Platform | Rank |
|---|---|---|
| Chainlink | Code4rena | 🥇 1st |
| KelpDao | Code4rena | 🥈 2nd |
| Aloe V2 | Sherlock | 🥈 2nd |
| Mello Modular LRT | Sherlock | 🥈 2nd |
| Napier Finance | Sherlock | 🥈 2nd |
| Hubble Exchange | Sherlock | 🥉 3rd |
| Unstoppable | Sherlock | 4th |
| Ondo Finance | Code4rena | 4th |
| DYAD | Code4rena | 4th |
| Axelar | Code4rena | 6th |
| These achievements demonstrate my expertise in identifying critical vulnerabilities and providing valuable insights across various blockchain projects. |
-
User can avoid paying high premium price by correctly timing his bond call
-
Inaccurate swap amount calculation in ReLP leads to stuck tokens and lost liquidity
Grade A analysis of protocol
-
One user can drain all the rewards from the bathBuddy
-
User can do an first deposit inflation attack on bathToken and can take away all the shares and rewards too.
-
Reward vesting formula is wrongly implemented and lead to wrong and unevenly distribution of rewards
-
Using
batchOffer()andbatchQuote()functions malicious user can disrupt the whole order book in his benefit and can drain the whole contract balance. -
Buy function transfers the assets to zero address for the offer where owner and recipient are both zero
-
Wrong use of block.number on optimism leads to wrong interest calculations and user may end up paying alot of interest or unable to close leverage position.
-
No deadline parameter in
sellAllAmount()andbuyAllAmount()functions
-
recipientsCountershould start from 1 inDonationVotingMerkleDistributionBaseStrategy -
Registry.solgenerate cloneAnchor.solnever work. Profile owner cannot use theirAnchorwallet
#Y2k Finance Findings
-
PriceOracle will use the wrong price if the Chainlink registry returns price outside min/max range
-
getPriceFromChainlink() doesn't check If Arbitrum sequencer is down in Chainlink feeds
-
Not using slippage parameter or deadline while swapping on UniswapV3
-
Lack of access control for
mintRebalancer()andburnRebalancer()
The Proof of Concept (POC) for the recent thirdweb exploit: A simplified ERC20 version utilizing ERC2771 context and OpenZeppelin's Multicall, demonstrating the potential for an attacker to transfer anyone's tokens among other exploits. Participated in multiple contests and consistently ranked in the top 5, showcasing a strong understanding and skill set in smart contract security. Repo Link
You can connect with me at: