blockchain and smart contract audits

Blockchain and smart contract audits

Smart contracts security assessments. Security tests of decentralized Web3 applications, wallets, exchanges or trading platforms and their infrastructure, on-chain analysis of attacks and fund flows.

Get a quote

Why REDTEAM.PL services?

Clients most often choose us because of our recognizable consultants with superior technical expertise. We have 20 years of experience in cybersecurity, dozens of acknowledgements for responsibly disclosed bugs in the most popular software, and over 50 references for provided services. We have authored numerous recognized publications by the European Union Agency for Cybersecurity (ENISA) and Polish Scientific Publishers (PWN). In addition, our research has been recognized by American entities such as the SANS Institute and Forbes magazine. All services are performed only by experienced experts, we do not execute services with the help of people without years of experience.

See the Competencies of Our Team

Our team identified and responsibly disclosed multiple critical and high rated vulnerabilities in popular global utilized products. We received acknowledgements eg. from the following organisations:

Adobe
Oracle
Microsoft
VMware
Mozilla
Netflix

Application Security

In Web3 smart contract front end security is often overlooked and considered less important, due to the fact that it's "only" an interface to the contract. However this couldn't be further from the truth as classical web vulnerabilities are much more severe in the blockchain space. For example a Stored Cross-Site Scripting (XSS) vulnerability in a decentralised marketplace could lead to theft of funds from users wallets or improperly stored secrets (e.g. private keys) could lead to taking over control of the whole protocol. UI integration security is critical, as most of the time regular users will be using it instead of interacting directly with smart contracts. The two examples mentioned here are real cases identified by our consultants.

Smart Contract Audits

Security of smart contracts is a critical factor especially in the decentralized finance (DeFi) space. Once deployed on mainnet and real user funds starts flowing in and the total value locked (TVL) increases, the interest of black hats about the project also rises. An exploited vulnerability in a smart contract may result in catastrophic losses to the project users and its owners. It is important to incorporate security in the development lifecycle from the start.

REDTEAM.PL is experienced in conducting smart contract audits / security assessments mainly for Ethereum Virtual Machine (EVM) based chains (e.g. Ethereum, BNB Chain, Polygon or Avalanche to name a few) written in Solidity or Vyper. In addition we also have experience with Cairo (StarkNet) and Rust (Terra and Solana).

Exchange & Trading Platforms Security

If you are running a centralized crypto exchange or any kind of trading platform handling user funds it is critical to perform regular security assessments for both applications and network infrastructure. REDTEAM.PL has been providing penetration testing services to both crypto currency exchange sector as well as traditional finance for many years confirmed with references.

Blockchain forensics & Incident Response

In case a hack has already happened and funds were lost whether a smart contract has been exploited or private keys have been stolen we can aid the customer by performing an analysis of the incident. Using on-chain analysis we can track the funds flow and perform a post mortem analysis of an exploit in order to determine the root cause. We can also help in classic Digital Forensics & Incident Response (DFIR).

Managed Bug Bounty Programs

It is critical to get a smart contract audit, ideally from a few different vendors and not just to rely on one. Once the contract has been deployed on mainnet and getting significant user adoption the project owners should consider starting a bug bounty program in order to incentivise whitehat hackers from around the world to look at their code and responsibly disclose security issues before a blackhat finds it and steals the funds. Depending on the customer needs we can help with designing, setting up and maintaining a bug bounty program.

Projects & Companies Verification (OSINT)

Venture Capital Funds, Angel Investors, businesses or even individual investors that are looking into investment opportunities or partnerships should verify their contractors. Using Open Source Intelligence (OSINT) techniques and our technical expertise we can help perform risk assessment and identify potential red flags. Background checks of the team, business entities, analysis of the whitepaper and verification of the project claims. Checking blockchain data for connection with known scams or fraudulent sources of funds. Smart contracts analysis for potential risk factors e.g. rug pulls, low quality, copy/paste code is also performed.

Wallet Security Assessments

In case you are developing a crypto currency wallet whether in the form of a desktop, mobile, web application, hardware or a browser extension REDTEAM.PL can help you with assessing its security. We have a proven track record of identifying vulnerabilities in popular software including browsers from Google, Apple or Microsoft.

Meet Our Team

The company founders have a rich professional experience, additionally confirmed with certificates recognised worldwide, publicly presented research, references and thanks from known companies such us Google, Microsoft, Apple (references available upon request).

find out more
Adam Ziaja
Adam Ziaja

Chairman of the board and a co-founder of REDTEAM.PL. Has a wide professional experience both in offensive and defensive cybersecurity.

read more…

Pawel Wylecial
Pawel Wylecial

Board member and a co-founder of REDTEAM.PL. For many years focused on mostly offensive security research and having many accomplishments in the field.

read more…

Explore Our Offer

We deliver advanced technical consulting services covering multiple aspects of cybersecurity from red team to blue team. Thanks to a diverse experience in IT security we are able to look at a wider perspective during engagements. Our abilities come from many years of work experience in cybersecurity and are confirmed with certificates, publications, advisories and references from our customers.

We recommend cooperation with REDTEAM.PL for professionalism and full commitment in the provision of services related to the security of websites.
— EFL Leasing (Crédit Agricole Group)

REDTEAM.PL performs tasks in the field of security testing. The assignments are carried out on time and of high quality.
— Center for Informatics Technology (Ministry of Digital Affairs)

CERT.EE would like to thank REDTEAM.PL for the valuable information, which has helped us to improve security of IT resources of the Republic of Estonia.
— Estonian National and Governmental CSIRT

REDTEAM.PL has performed penetration tests of the integration module with the payment operator of the Reserved online store. The work was completed on time and with due diligence, and the service provided was high quality.
— Reserved (LPP)

REDTEAM.PL performed penetration testing of a web application. Tests were carried out within the agreed timeframe and with due diligence. Results of the work provided in the report were understandable.
— Allianz

CERT.LV would like to thank REDTEAM.PL for the valuable information, which has helped us to improve security of IT resources of the Republic of Latvia.
— Latvian National and Governmental CSIRT

REDTEAM.PL has performed penetration tests of a mobile application. The entrusted work has been carried out on time and with due diligence, which resulted in a high quality evaluation of the services provided.
— Carefleet (Crédit Agricole Group)

REDTEAM.PL carried out internal and external network penetration tests and personnel awareness tests (red teaming). The team showed great commitment as well as a proactive attitude and flexibility during testing. We recommend cooperation with REDTEAM.PL.
— Orbis (Accor Group)

REDTEAM.PL performed penetration testing of a web application. The work was carried out in a timely manner, with due diligence and professional ethics.
— PKO Życie TU (PKO Banking Group)

REDTEAM.PL carried out penetration tests of software produced by TELDAT. The work was performed professionally, on time and with due diligence. The conclusions in the form of a report were precise and related to all areas of interest to the contracting party.
— TELDAT

REDTEAM.PL has performed logs and disk images analysis. Computer forensics service was performed on time and with due diligence. The delivered results in the form of a report were comprehensible.

We recommend REDTEAM.PL, the config review and penetration testing services requested by us were provided with the highest quality. The audit team demonstrated great commitment, professionalism and extensive knowledge.
— Institute of National Remembrance (IPN)

REDTEAM.PL performed penetration testing of an online store. The work was completed on time, with due diligence and was of high quality.
— GO Sport