Cutting-Edge
Cybersecurity Services
We provide top-class security services.
We use the specialist knowledge acquired over the years to secure our clients’ assets and technology.
Web3
Smart contracts, blockchain, wallets and related
Web2
Web applications, external security assessments, OSINT, infrastructure
Architecture
Cloud, SDLC, infrastructure configuration review
Our clients
We are very pleased to be able to publicly share our cooperation with companies that have entrusted their security to us.
Here are some of them:
Checkd Group
Orderly Network
EcoWay
Chromia
Razor DEX
What we do
We are ready to
evaluate
verify
audit
protect
your product or service.
Regardless of whether you are a startup or a mature organization, we are ready to thoroughly analyze smart contracts, applications or infrastructure, and help improve it from the perspective of security, financial (DeFi) and architectural vectors.
Supported ecosystems
Since 2021 we are helping our clients to stay one step ahead of hackers. Technologies we've worked with:
The main branches of our specialization
Smart contracts
Smart contracts
DeFi Applications
DeFi Applications
Architecture and SDLC
Architecture and SDLC
Applications
Applications
Infrastructure
Infrastructure
Security Assessments
Security Assessments
Created by security researchers.
Each project is carried out by a team with many years of experience in offensive security, as well as extensive knowledge of DeFi and cryptography aspects.
Jakub Heba
CEO & Co-founder
- BCS in Computer Science – Security of IT Systems,
- Security Researcher and Penetration Tester since 2016,
- Holder of OSCE, OSCP and Lead ISO27001 certificates,
- Specializing in Rust language and Chains & Smart Contracts based on it,
- Extensive experience in CosmWasm, Substrate, ink!, Ethereum and Scrypto,
- Audited more than 40 DeFi projects.
Łukasz Mikuła
CTO & Co-founder
- Conducting Penetration Tests and Red Teaming assessments since 2015,
- Holds 15+ CVEs in Web Applications,
- Author of popular cybersecurity trainings: eJPT, eWPTXv2, and the most challenging eCXD,
- Smart Contract Auditor, specialized in EVM, with experience in CosmWasm and MOVE,
- Holder of OSCE, OSCP, eWPT and eWPTX certificates.
Luiza Zdżalik
Marketing Manager
- Responsible for translating engineering ideas into human language,
- Manages the creation of marketing stuff and online content, keeping a consistent brand look,
- Takes care about client relationship.
What characterizes us?
Your securityis our priority.
As a specialized company, we have extensive experience in the industry.
Dozens of analyzed contracts and dApps
Experience with multiple blockchain technologies
Extensive knowledge of the security of decentralized finance
Many years of experience in traditional penetration tests and security research
Article, News & Post
Recent Blog & Post
We want to work to increase knowledge and awareness in the field of web3 security. We regularly publish articles describing niche topics, issues and solutions.
A guide to reentrancy: abusing the external calls for fun and profit
The reentrancy vulnerability is one of most serious ones that can be found in solidity smart contracts. Apart from the “classic” reentrancy like the one from the infamous DAO hack, there are other types of this vulnerability. In this article, we describe them along with some popular strategies on how
Ethereum signatures for hackers and auditors 101
In real world you can sign documents using your personal signature, which is assumed to be unique and proves that you support, acknowledge or commit something. The same can be done on ethereum blockchain and in solidity smart contracts – but using cryptography. In this article, we will briefly explain
Common proxy vulnerabilities in Solidity – part 2
In the previous part, we explained some of typical proxy issues related to initialization, lack of state update or frontrunning. In this part, we would like to talk a bit about function and storage conflicts and also about decentralization. Proxy function clashing This vulnerability is unlikely to be found unless
Automated auditing part 2 – usage of AI for Smart Contracts testing
Introduction Creating a project or solution from scratch is a difficult and time-consuming process. A business concept must first be developed, then it must be translated into a high-level solution architecture, and finally the software development stage takes place. Because we will be focusing on hypothetical smart contracts in this
Common proxy vulnerabilities in Solidity part 1
Proxies are used to implement upgradeability in Solidity smart contracts. They serve as a middleman between a contract and its users. They are employed to change a contract’s logic without altering its address. A master copy contract and a proxy contract that refers to the master copy are how proxies
Automated auditing part 1 – fuzzing with Echidna
What is Echidna? In this part, we will cover the very basics of Echidna usage. Echidna is an animal, but it is also the name of a Solidity fuzzer. This tool is really worth mastering since a skilled user can be able to test a smart contract with it in
