www.oaksecurity.io
52.17.119.105  Public Scan

Submitted URL: https://oaksecurity.io/
Effective URL: https://www.oaksecurity.io/
Submission: On July 04 via automatic, source certstream-suspicious — Scanned from DE

Form analysis 1 forms found in the DOM

Name: email-form (GET)

<form id="email-form" name="email-form" data-name="Email Form" method="get" class="form" data-wf-page-id="645954cb638e932987d1949b" data-wf-element-id="7218fad0-f666-2621-1e7d-5b688ab24c6f" aria-label="Email Form">
  <div class="input-fields-wrapper"><input type="email" class="text-field w-input" maxlength="256" name="Email" data-name="Email" placeholder="Email" id="Email-2" required="">
    <div class="div-block-11"><input type="text" class="text-field small w-input" maxlength="256" name="First-name" data-name="First name" placeholder="First name" id="First-name" required=""><input type="text" class="text-field small w-input"
        maxlength="256" name="Last-name" data-name="Last name" placeholder="Last name" id="Last-name" required=""></div><input type="text" class="text-field w-input" maxlength="256" name="Project-name" data-name="Project name"
      placeholder="Project name" id="Project-name" required=""><input type="text" class="text-field w-input" maxlength="256" name="Project-URL" data-name="Project URL" placeholder="Project URL" id="Project-URL"><textarea placeholder="Message"
      maxlength="5000" id="Message" name="Message" data-name="Message" required="" class="text-field w-input"></textarea>
  </div><input type="submit" value="Submit" data-wait="Please wait..." class="primary-button form w-button">
</form>

Text Content





SECURING THE DECENTRALIZED TRUSTLESS FUTURE

At Oak Security, we offer security auditing and cyber security advisory services
with a special focus on third-generation blockchains such as the Cosmos SDK and
CosmWasm, Polkadot and Substrate, Solana, NEAR, and Flow (Cadence) ecosystems.
We also serve Ethereum and EVM-compatible ecosystems through our brand
Solidified.



"The team of @SecurityOak are unsung heroes in the @CosmWasm ecosystem.
Dedication, expertise and humbleness makes it pure joy working with them. The
value they add by strengthening the framework behind the scenes makes them a
SAFU gem for all of us."

Simon Warta, Co-Founder and Managing Director, Confio GmbH




Oak security in NUMBERS


OUR STATS SPEAK VOLUMES

47 security researchers
150+ audits completed
2000+ issues discovered


UNWAVERING SECURITY FOR EVERY STAGE

Our signature product is a multi-layered audit, involving three or more
independent security researchers with complementary skillsets performing an
isolated and unbiased audit of your smart contracts. The final report lists all
discovered vulnerabilities and suggested solutions approved by the consensus of
auditors.

technologies


SUPPORTED TECHNOLOGIES

Cosmos SDK
CosmWasm
Substrate
ink!
Flow
Solana
NEAR

SERVICES


HOW WE CAN SUPPORT YOU

Our services cover all aspects of your software lifecycle, from early planning,
secure design, economic consulting, and secure development processes, through
in-depth protocol reviews, secure use of cryptography, and smart contract audits,
to ongoing operational security.

Idea discovery
Security-first design
Protocol review & design
Economic consulting
Secure development consulting
Code reviews & penetration testing
Release management consulting
Operational security consulting
what we secure


SECURING THE DIGITAL FRONTIER

Architecture
Whitepapers, protocol design documents, economic models, governance models...
Layer 1
Node implementations, consensus protocols, cryptographic primitives...
Layer 2
Roll-up processors, cross-layer communication, settlement protocols…
Smart Contracts
Decentralized finance (DeFi), identity, governance protocols, DAOs...
Off-chain
DApps, wallets, bridges, data aggregation/indexing layers...

"The Oak Security team has been extremely helpful in streamlining the whole
audit process for our grants projects and reducing their time to market on
Osmosis. We’ve also received positive feedback from our grantees as they’ve told
us Oak Security has been a pleasure to work with."

Federico Daffina Minicucci, Steward of the Osmosis Grants Program, Reverie




audit PROCESS


RIGOROUS & COLLABORATIVE AUDIT APPROACH

Our process is designed to be thorough, diverse, and mixed. We employ a variety
of techniques and perspectives to give you a 360-degree review of your project,
maximizing coverage and depth.

01

Each audit is done by 3+ auditors, who are chosen for their expertise in your
industry. Cryptography projects will have a cryptography expert on the team,
DeFi projects will have an economist on the team.

02

Your auditors will work independently to conduct an in-depth assessment of your
code and project, utilizing static and manual code reviews, as well as approved
testing and modeling methods.

03


The auditors will reveal their findings in a Consensus meeting, collaborate on
open leads and put together the final report which will be shared with you.



"Great catches! Love working with y'all and been recommending you to folks
looking."

Jack Zampolin, Founder and CEO, Strangelove




team


OUR TEAM SPANS THE WHOLE GLOBE

Calling on a team of 45+ expert auditors including Master’s and PhD holders,
economists, cryptography experts, and experienced computer scientists, we are
able to tailor our audits to provide you with the support you need.


MANAGEMENT TEAM

Oak Security is the result of two domain experts in Computer Science and
Economics getting together after years of collaborating to build a unique team
to secure the new decentralized finance systems.


DR. STEFAN BEYER

Managing Partner
Ph.D. in Computer Science
Has worked on Distributed Systems since 2004 (Pre-Bitcoin)
Blockchain security audits since 2018
More than 50 projects audited


PHILIP STANISLAUS

Managing Partner
MPhil Economics, Cambridge (UK)
Software engineer since 2007
Blockchain architect and developer since 2018
Web3 Experience: Dapper Labs/Flow, Polkadot/Web3 Foundation, Centrifuge

"Oak Security's comprehensive audits of Sei Chain, CosmWasm bindings as well as
modifications of both Cosmos SDK and Tendermint have been indispensable towards
the journey to superior security for Sei. Their thorough and insightful approach
has given an unparalleled sense of assurance in the solidity of Sei's systems.
Oak Security's professionalism, expertise, and dedication have truly set them
apart. Oak Security has our highest recommendation."

Jayendra Jog, Co-Founder, Sei Labs








FREQUENTLY ASKED QUESTIONS


Will an audit find all vulnerabilities?

During our audits, we employ several measures to maximize the likelihood of
finding critical issues in the codebase and provide as much security as
possible. Despite these efforts, there is always a possibility that we miss
issues. Security audits should only be considered to be one component of your
overall security strategy. A security review is no substitute for other best
practices and should be accompanied by a security-focused design process,
extensive unit, integration, and end-to-end testing, internal code reviews, bug
bounties, secure development and development processes, as well as strictly
followed operational security processes.

Whilst we would like to promise you a 100% hit rate, we believe no security
company can make this claim.

How much does an audit cost?

It depends – we estimate the cost of each audit individually and provide a quote
based on a number of factors, including the size of the codebase, its
complexity, novelty, and the cost of the specialized team required for the
specific project. Contact us to request a quote; we will get back to you
within one business day.

How is Oak Security different from other firms?

Oak Security uses a unique auditing process, based on blinded, independent
reviews using a mix of methodologies. We staff at least 3 auditors on every
audit, who work independently during the first phase of the project, initially
not sharing their results. Each of the auditors follows their own methodology
within our framework. This blinded approach has the advantage that auditors do
not bias each other, whilst ensuring a wider breadth of techniques being
applied. It also allows us to monitor the contributions of our auditors, which
can be used to ensure high and consistent quality across projects.

After this initial phase, the auditors will share their findings in a consensus
meeting and produce a report which lists issues encountered together with
recommendations. The final version of our report is transparently published to
our GitHub repository (https://github.com/oak-security/audit-reports/).

The selection of auditors for each project is performed in a unique manner. We
assign at least 3 auditors with a background depending on a project's nature.
For instance, a DeFi protocol with an economic model will have an auditor with a
strong background in economics, and a ZK-rollup processor will have a
cryptographer on the team. While all auditors are required to manually review
all the code in the scope of the audit, we allow each auditor to add their own
set of techniques. This may include economic modeling, if appropriate, writing
tests for edge cases not covered by the included tests, and fuzz testing for
parts of the system that are susceptible to different behavior under a large
number of parameter combinations. We believe this freedom in methodologies leads
to the best results, since auditors compete internally to find critical issues,
and will choose the best tools to help them during this process.


How long does an audit take?

The timeline for each audit depends on the complexity of the project and will be
provided with our initial quote on a case-by-case basis. Audits may take
anything from 0.5 weeks for simple projects to 12 weeks for very complex
projects. In most cases, the duration is between 1 and 2 weeks.

In addition to the duration of the audit itself, you should account for time to
apply our recommendations. The verification of fixes for the issues is included
in our audits. Our auditors remain available for 3 weeks after the initial
report has been delivered for this process.

When should I request a quote?

We recommend reaching out as early as possible to avoid delays in case of longer
lead times. We do not require a codebase that is ready for the audit when we
create a quote.

As long as we receive a work-in-progress version together with a description of the
functionality to be added, we can create an estimate of the effort and budget
required. We also offer clients who do not have a finalized codebase blanket
reservations that will be refined closer to the audit start date.


Latest articles


OAK SECURITY INSIGHTS

04-08-2022
Solana Private Key Scare: What Builders Can Learn
20-09-2022
What has changed in Smart Contract Security? A Five-Year Experience Report
22-03-2022
Oak Security and Solidified Join Forces
Oak Security GmbH,
© 2023

We serve the EVM ecosystem through our dedicated Solidified brand.