Cyfrin

According to the respective page on the website, the leadership team consists of 5 members. Four of them are the most notable:

Patrick Collins - Co-Founder & CEO
Alex Roan - Co-Founder & CTO
Hansfriese - Co-Founder & Audit Manager
Mark Scrine - Chief Sales Officer

All the leadership team members possess significant experience of over 10 years in their respective fields of qualification. They also have experience working in key positions in large companies such as Chainlink, Alchemy, Aragon, WorldCoin. It’s relevant to mention Hansfriese, a company that’s ranked at no.1 on the well-known bug bounty platform Code4rena (#1 Code4rena auditor and security researcher).

On the company’s page on LinkedIn, there is a list of 20 team members attached to the company. The team includes technical specialists, auditors, blockchain researchers, designers, and specialists in marketing and company development. Most of the employees have been with the company for about 2 years and possess a considerable background of 3 years or more in their respective fields.

According to the company’s LinkedIn and X pages, the company was launched in 2023. The public repository on GitHub lists the date of the first audit as Mar 24, 2023. The company has audited 15 projects since then.

The company’s account on X has a low number of subscribers and a medium engagement rating compared to other similar companies. The account is followed by several projects, influencers, and well-known faces in the industry, such as Alchemy, Zach Rynes, Streamr Network, etc. The company’s posts usually include announcements regarding developments, partnerships, company news, etc.

Articles about and with the participations of the company members are published in such media as Yahoo Finance, HackerNoon, CoinGape, etc.

An audit takes approximately 5-6 weeks which is relatively slow compared to what other similar companies are offering for the same amount of work.

After sending the request via the website, the manager responded within 24 hours.

After receiving the information about the project and answering several following questions, the manager provided the required information within 12 hours.

The company offers 2 types of audits:

Private Audit - a project is audited by the company’s in-house auditors specializing in EVM blockchains.

Competitive Audit - in a span of a week the company invites hundreds of auditors to participate and runs a competition in which auditors find vulnerabilities. Anonymously, the company judges the results and provides the final report. The successful participants receive a monetary reward. This type of audit can be held for any chain or network.

The company offers a vulnerability aggregator Solodit, that allows to study the reports, as well as mistakes and conclusions from previous audits.

Aside from smart contract audits performed by the company, a different type of audit is offered: Competitive Audit is a limited-time competition in auditing in which every competitor attempts to expose as many vulnerabilities as possible to win the reward as well as deliver the best result for the project. This type of audit is held through the company’s own platform CodeHawk.

The company also has its own educational portal dedicated to smart contract development Cyfrin Updraft

The price for an audit of our test project, if said audit is performed by the in-house team is $210.000. The price is very high compared to those of other companies. This makes the services affordable for a narrow circle of projects.
The Competitive Audit price with the platform commission included is $88.000 (the price was offered by the company, suggested ~$25 per line of code).

No discounts were offered during communication with the company. After the audit is complete, the company publishes an announcement on social media.

The company accepts payments in cryptocurrency (ETH, USDC or LINK), as well as in fiat via a bank transfer.

• Issue description (thoroughness, code examples): YES

• Project description and contracts (what do they do): YES

• Conclusions (automatically generated vs written by specialists): YES

• Recommendations: YES

• Quality of findings (a large number of automatically generated audits is a disadvantage): YES

There is a detailed description of a project in every report. The discovered issue descriptions reveal that a thorough manual code analysis takes place. Issues are explained in detail and proof of concepts is present.
There is a small issue in the lack of a conclusion. It’s possible that reports would benefit from graphic additions. Overall, the reports are very comprehensive.

A price can only be requested via a form on the website. No direct contacts for the manager are provided which makes it inconvenient for potential clients looking to ask questions and inquire about the services.