Audit Company

Cyfrin

Cyfrin helps secure some of the top protocols and organizations in DeFi. They bring together leading researchers to enhance the security of customers and their users.

DSA presents a unique series of reports on the smart contract and blockchain app auditor market. This report is published for the first time and is not affiliated with any specific vendor. The DSA expert team has performed an in-depth analysis of the blockchain security providers in the market. For that, a methodology was developed, and specific criteria were selected. The data provided in the report are current as of May 2024.
Contents
The main criteria for auditor review
1. Trustworthiness
Here, we analyze the team, key players, as well as the experience of the company in the field.
2. Media Presence
In this section, we analyze the social networks of the project, the engagement rate, and media publications.
3. Speed and service
In this section, we analyze the speed of the audit as well as the speed of the team's response to the request.
4. Expertise
Here, we analyze the company's experience with different networks, technological advancements, as well as additional services.
5. Price
In this section, we analyze prices and additional services (we send the same sample contract to every auditor), sales, promo offers, bonuses, discounts, and legal transparency.
6. Quality
In this section, we analyze audit quality, report analysis, and user experience.
Categories and sub-categories
6 categories are present in the review and each may be divided into sub-categories. Each category is evaluated to receive from 1 to 10 points. The same rule applies to each sub-category and the arithmetic mean value of the sub-categories will become a result of the main category. The main result will be calculated in the same manner.
Trustworthiness
  • Team members' separate experiences in the field
  • Current team’s experience in the field
  • Company experience (years of service, date of the first audit)
Media Presence
  • Social media (engagement rate, hereafter ER)
  • Media publications
Speed
  • Audit speed
  • First response speed (from a real person)
  • Follow-up response speed
Expertise
  • What blockchains does the company audit (rare chains and languages get an additional point)
  • Technological advancements (developments, tools, automated tools)
  • Services (KYC, Incident research, marketing)
Price
  • Prices and additional services (We send the same sample contract to every auditor)
  • Sales, promo offers, bonuses, discounts
  • Legal transparency
Quality
  • Audit quality, report analysis
  • User experience

Detailed analysis

Trustworthiness

Average score 7,87/10

1. Team members' separate experiences in the field

According to the respective page on the website, the leadership team consists of 5 members. Four of them are the most notable:

Patrick Collins - Co-Founder & CEO
Alex Roan - Co-Founder & CTO
Hansfriese - Co-Founder & Audit Manager
Mark Scrine - Chief Sales Officer

All the leadership team members have over 10 years of experience in their respective fields. They also have experience working in key positions in large companies such as Chainlink, Alchemy, Aragon, and WorldCoin. It is worth mentioning that Hansfriese is ranked No. 1 on the well-known bug bounty platform Code4rena (#1 Code4rena auditor and security researcher).

2. Current team’s experience in the field
On the company’s page on LinkedIn, there is a list of 20 team members attached to the company. The team includes technical specialists, auditors, blockchain researchers, designers, and specialists in marketing and company development. Most of the employees have been with the company for about 2 years and possess a considerable background of 3 years or more in their respective fields.

3. Company experience (years of service, date of the first audit)
According to the company’s LinkedIn and X pages, the company was launched in 2023. The public repository on GitHub lists the date of the first audit as Mar 24, 2023. The company has audited 15 projects since then.

Media presence

Average score 7,8/10

1. Social Media

The company’s account on X has a low number of subscribers and a medium engagement rating compared to other similar companies. The account is followed by several projects, influencers, and well-known faces in the industry, such as Alchemy, Zach Rynes, Streamr Network, etc. The company’s posts usually include announcements regarding developments, partnerships, company news, etc.

2. Media publications
Articles about company members, and with their participation, are published in media outlets such as Yahoo Finance, HackerNoon, CoinGape, etc.

Speed

Average score 5,5/10

1. Audit Speed

An audit takes approximately 5-6 weeks, which is relatively slow compared to what other similar companies offer for the same amount of work.

2. First response speed
After sending the request via the website, the manager responded within 24 hours.

3. Follow-up response speed
After receiving the information about the project and answering several follow-up questions, the manager provided the required information within 12 hours.

Expertise

Average score 7,6/10

1. What blockchains does the company audit

The company offers 2 types of audits:

Private Audit - a project is audited by the company’s in-house auditors specializing in EVM blockchains.

Competitive Audit - in a span of a week the company invites hundreds of auditors to participate and runs a competition in which auditors find vulnerabilities. Anonymously, the company judges the results and provides the final report. The successful participants receive a monetary reward. This type of audit can be held for any chain or network.

2. Technological advancements
The company offers a vulnerability aggregator, Solodit, which lets users study reports as well as mistakes and conclusions from previous audits.

3. Services
Aside from smart contract audits performed by the company, a different type of audit is offered: the Competitive Audit is a limited-time auditing competition in which every competitor attempts to expose as many vulnerabilities as possible to win the reward as well as deliver the best result for the project. This type of audit is held through the company’s own platform, CodeHawks.

The company also has its own educational portal dedicated to smart contract development, Cyfrin Updraft.

Prices and additional services

Average score 4,33/10

1. Audit prices, affordability

The price for an audit of our test project, if said audit is performed by the in-house team, is $210.000. The price is very high compared to those of other companies. This makes the services affordable only for a narrow circle of projects.
The Competitive Audit price with the platform commission included is $88.000 (the price was offered by the company, suggested ~$25 per line of code).

2. Sales, promo offers, bonuses, discounts
No discounts were offered during communication with the company. After the audit is complete, the company publishes an announcement on social media.

3. Legal transparency
The company accepts payments in cryptocurrency (ETH, USDC or LINK), as well as in fiat via a bank transfer.

Quality

Average score 10/10

1. Audit quality, report analysis

  • Issue description (thoroughness, code examples): YES

  • Project description and contracts (what do they do): YES

  • Conclusions (automatically generated vs written by specialists): YES

  • Recommendations: YES

  • Quality of findings (a large number of automatically generated audits is a disadvantage): YES

There is a detailed description of the project in every report. The issue descriptions show that a thorough manual code analysis takes place. Issues are explained in detail and proofs of concept are present.
There is a small issue in the lack of a conclusion. It’s possible that reports would benefit from graphic additions. Overall, the reports are very comprehensive.

2. User Experience
A price can only be requested via a form on the website. No direct contacts for the manager are provided, which makes it inconvenient for potential clients looking to ask questions and inquire about the services.

Final Score

Considering the results presented in every category, the following points have been assigned:
  • 7,87/10 Trustworthiness
  • 7,8/10 Media presence
  • 5,5/10 Speed
  • 7,6/10 Expertise
  • 4,33/10 Prices and additional services
  • 10/10 Quality
The Final Score:
7,18/10
This is the analytic report in a series of reports on the smart contract and blockchain apps auditor market. Presented to you by DSA, it’s guaranteed impartial and factual information on the most well-known, new, and obscure players.