Code Review
The Automated Bug-Hunting Engine
Internally codenamed "SKOLL," after the legendary wolf in Norse mythology that tirelessly chases the Sun, our automated engine intelligently simulates endless possibilities to attack your Web3/blockchain projects (hundred transactions per second) and finds critical, high-impact bugs. Unlike scanners based on static methods, the engine covers most mundane and standard bugs and is also built to maximize code coverage, invent new attack vectors and find novel, hard-to-reach exploits.
We'd like to think of it as a hacking A.I., developed by perhaps one of the most hardcore groups of tool builders ever assembled (e.g., a DARPA Cyber Grand Challenge Finalist, developers of the most prolific bug scanners against Rust, Linux and Microsoft Azure, and the inventor of the 1st 64-bit Android jailbreaking tool are all on the core team). The goal is to incorporate continuous and autonomous bug searching into your project's development process and help developers build a battle-tested system from early on, complementing the static one-off auditing model + bug bounty programs with a frequent, developer-friendly, life-cycle security solution.
Try our automatic code review system if you are:
- Endlessly waiting for your code to be audited before release
- Unsatisfied with the ineffective and non-transparent auditing services you took in the past
- Simply looking for different ways to review your code or complement your existing security solutions
Key points
- Test your smart contracts by simulation rather than by searching for simple patterns in your code
- Self-explore your smart contracts on the fly and intelligently cover every line of code with no human intervention
- Track the scanning process and start fixing any issues found early in the development process
- Built by security researchers who have a proven track record of building state-of-the-art scanners (they are responsible for discovering hundreds of bugs in real-world software)
- Updated with the latest attack vectors and threat models contributed by community hackers from PwnedNoMore DAO
👉Join the Early-Access Program (For both Solana and EVM Projects)❗️
We are onboarding both Solana and EVM projects who want to give our automated engine a try for free! Since we are in our early-stage testing period and will test run a more customized version of the system for participating projects, we cannot accommodate all access requests. If you are interested, please email us at [email protected] or go to our front page and click “Schedule a free consult and join our free early access program⚡️” to start the process. We are looking forward to chatting with you!
Requirements:
- Solana or EVM based projects
- (For now) Feature-complete code that can at least be compiled and deployed on the testnet
  - Often the most critical issues are the joint effect of exploiting various features across the whole system, not confined to the unit scope.
  - Unlike a static code checker, our engine requires deployed smart contracts to dynamically process testing transactions.
The onboarding:
- We need to understand the basics of your smart contracts with your assistance:
  - We need to get access to your code first (this can be after our free consult call).
  - We will then set up a technical call with your developers.
  - We quickly walk through the code base and cover the following aspects:
    - Code structure and external dependencies.
    - High-level business functions of your smart contracts.
    - Unit tests.
  - We introduce the workflow and usage of our engine.
- We will work closely with you to set up the engine in the following 1 or 2 weeks.
- We will continuously report our scanning process and findings to you.