Audit Company

Certora

Certora introduced formal verification to the DeFi sector through Certora Prover, which enables the company to provide extensive code coverage.
DSA presents a unique series of reports on the smart contract and blockchain app auditor market. This report is published for the first time and is not affiliated with any specific vendor. The DSA expert team has performed an in-depth analysis of the blockchain security providers in the market. For that, a methodology was developed, and specific criteria were selected. The data provided in the report are current as of February 2024.
Contents
The main criteria for auditor review
1
Trustworthiness
At this point, we analyze the team, key players, as well as the experience of the company in the field.
2
Media Presence
In this paragraph, we analyze the social networks of the project, the engagement rate, and media publications.
3
Speed and service
In this paragraph, we analyze the speed of the audit as well as the speed of the team's response to the request.
4
Expertise
At this point, we analyze the company's experience with different networks, technological advancements, as well as additional services.
5
Price
In this paragraph, we analyze prices and additional services (We send the same sample contract to every auditor), sales, promo offers, bonuses, discounts, and legal transparency.
6
Quality
In this paragraph, we analyze audit quality, report analysis, and user experience.
Categories and sub-categories
The review covers 6 categories, each of which may be divided into sub-categories. Each category is scored from 1 to 10 points. The same rule applies to each sub-category, and the arithmetic mean of the sub-category scores becomes the score of the main category. The final score is calculated in the same manner.
Trustworthiness
  • Team members' separate experiences in the field
  • Current team’s experience in the field
  • Company experience (years of service, date of the first audit)
Media Presence
  • Social media (engagement rate, further – ER)
  • Media publications
Speed
  • Audit speed
  • First response speed (from a real person)
  • Follow-up response speed
Expertise
  • What blockchains does the company audit (rare chains and language get an additional point)
  • Technological advancements (developments, tools, automated tools)
  • Services (KYC, Incident research, marketing)
Price
  • Prices and additional services (We send the same sample contract to every auditor)
  • Sales, promo offers, bonuses, discounts
  • Legal transparency
Quality
  • Audit quality, report analysis
  • User experience

Detailed analysis

Trustworthiness

Average score 10/10

1

Team members' separate experiences in the field

The leadership team consists of 12 members, but the following 4 are most notable:

Mooly Sagiv - CEO
Shelly Grossman - CTO
Nurit Dor - CPO
John Toman - Chief Scientist, Vice President of Research and Development


All the leadership team members possess considerable experience in their respective areas, as well as experience working in large companies such as IBM, VMware, and Check Point Software. It's also worth pointing out that the CEO, Mooly Sagiv, is a professor at Tel Aviv University in the Systems and CS department; he is also a visiting researcher at Stanford University and a visiting professor at UC Berkeley (Electrical Engineering & Computer Sciences (EECS)).
John Toman used to be a special researcher at Kyoto University.
2
Current team’s experience in the field
The company’s LinkedIn page provides an employee list of over 70 names. The team includes tech specialists, auditors, blockchain researchers, marketers, business development experts, and writers. The majority of the team members have over 2 years of experience at this company in addition to a strong background of over 4 years in their respective fields of work.
3
Company experience (years of service, date of the first audit)
According to the LinkedIn page, the company was founded in 2018. Neither a public repository listing the audited projects nor the date of the first audit could be located. However, considering the level of trustworthiness of the team leaders, their experience, and large investors such as the CEO of StarkWare and the CEO of Aave, we can place the first audit around the same time as the company's founding.

Media presence

Average score 7/10

1

Social Media

There is an average number of subscribers on the company’s X page, but the engagement rating is high compared to similar accounts. Among the subscribers, there are many top projects, funds, influencers, and popular crypto community members, for example, Balancer, Electric Capital, Celo, Origin Protocol, Curtis Spencer, etc. The company posts security quizzes and rewards its subscribers with merch. It organizes podcasts with other teams, analyzes hacker and other types of attacks, and so on.
2
Media publications
The company is prominent in such media as Cryptonews, Yahoo Finance, crypto.news, CoinDesk, Cointelegraph, etc. However, the majority of articles contain just a mention of the company’s name in an article about a project audited by it. There were no publications such as founder interviews, market research, or anything similar.

Speed

Average score 3,33/10

1

Audit Speed

An audit takes 4-6 weeks, which isn’t fast compared to similar companies and the expected amount of work.
2
First response speed
After leaving a request on the website, we received an email from the manager within a day (approx. 12 hours).
3
Follow-up response speed
We have provided the project information to the manager and asked several additional questions. The response was received after two days and only after following up to remind the manager about the request.

Expertise

Average score 8,66/10

1

What blockchains does the company audit

At this time, the company works only with EVM chains and projects built on Solana.
2
Technological advancements
The company offers 2 products:
  • Prover - a formal verification tool
  • Gambit - an open-source Solidity mutation testing tool to evaluate and strengthen the testing suite
3
Services
Aside from smart contract auditing services, the company offers a set of enterprise services:
  • Unlimited audits
  • Certora experts write rules for your code
  • Unlimited Prover access
  • Training & dedicated support
  • Incident response

Prices and additional services

Average score 6,33/10

1

Audit prices, affordability

The company has offered two options:
  • Option A: an audit completed in 4 weeks for $160 000
  • Option B: an audit and an official check completed in 6 weeks for $220 000

These prices are very high compared to those of other similar companies. The service is affordable only to a small number of wealthy project owners.
2
Sales, promo offers, bonuses, discounts
During communication with the team, no discounts were offered. After completing an audit, the team publishes announcements on its social media. The company also arranges collaborations and events with many of its clients, including inviting them to conferences.
3
Legal transparency
The company accepts payments in stablecoins and fiat, and sometimes even accepts partial payment in project tokens.

Quality

Average score 10/10

1

Audit quality, report analysis

  • Issue description (thoroughness, code examples): YES

  • Project description and contracts (what do they do): YES

  • Conclusions (automatically generated vs written by specialists): YES

  • Recommendations: YES

  • Quality of findings (a large number of automatically generated audits is a disadvantage): YES
Issues are described thoroughly and in detail. A project description is provided, and formal verification of the code is performed.

2
User Experience
A quote can be requested only through a form on the website; there are no direct contacts available. This isn’t the most convenient arrangement for potential clients who are looking for information before making a final decision.

Final Score

Considering the results presented in every category, the following points have been assigned:
  • 10/10 Trustworthiness
  • 7/10 Media presence
  • 3,33/10 Speed
  • 8,66/10 Expertise
  • 6,33/10 Prices and additional services
  • 10/10 Quality
The Final Score:
7,55/10
This is an analytical report in a series of reports on the smart contract and blockchain app auditor market. Presented to you by DSA, it offers guaranteed impartial and factual information on the most well-known, new, and obscure players.