A comprehensive guide to securing your protocol through professional code review -- from choosing the right audit firms to understanding what they look for and how to prepare.
Smart contracts are immutable by design. Once deployed to a blockchain, their code becomes the definitive source of truth -- bugs included. Unlike traditional software where a patch can be pushed in hours, a vulnerability in a live smart contract can drain millions of dollars before anyone has time to react. This fundamental reality makes pre-deployment auditing not just a best practice, but a survival requirement.
In June 2016, The DAO -- the first major decentralized autonomous organization on Ethereum -- was exploited for approximately 3.6 million ETH (roughly $60 million at the time). The attacker exploited a reentrancy vulnerability, a bug class that would have been caught by any competent audit firm today. The exploit was so devastating that the Ethereum community controversially decided to hard-fork the entire blockchain to reverse the theft, creating Ethereum Classic in the process.
This single event fundamentally changed the industry's attitude toward security. It proved that "code is law" only works when the code is correct.
In February 2022, an attacker exploited a vulnerability in the Wormhole bridge's Solana-side smart contracts. The bug allowed the attacker to mint 120,000 wETH (wrapped Ether) on Solana without depositing equivalent ETH on Ethereum. Jump Crypto, the parent company, ultimately covered the $325 million loss. The vulnerability was in a signature verification function that failed to properly validate guardian signatures -- a critical access control flaw.
The average cost of a smart contract audit is $50,000 to $500,000. The average cost of a smart contract exploit is $15 million. Projects that skip audits to save money are making a statistically catastrophic bet -- a 100x potential loss to save a fraction of their treasury.
The impact of an unaudited or poorly audited contract goes beyond the immediate financial damage:
One audit is better than none, but it is far from sufficient. The industry standard for any protocol managing significant value is a minimum of three independent audits from different firms. This is not marketing -- it is grounded in statistical reasoning and practical experience.
Every audit firm has inherent biases and blind spots. Their effectiveness depends on the tools they use, the experience of their individual auditors, and their particular areas of expertise. A single firm might excel at catching reentrancy bugs but miss subtle oracle manipulation vectors. Another might be world-class at formal verification but overlook business logic errors.
If a single audit firm has a 90% probability of catching a critical vulnerability (an optimistic estimate), then a single audit leaves a 10% chance of that bug shipping to production. Two independent audits reduce that probability to 1% (0.1 x 0.1). Three audits bring it down to 0.1%. For protocols managing hundreds of millions in TVL, that difference between 10% and 0.1% is the difference between eventual exploitation and robust security.
Each audit firm brings a fundamentally different approach to the table:
Start with a well-established firm that excels at comprehensive coverage. They will find the most common vulnerability classes and validate the overall architecture. OpenZeppelin is a strong choice for this first pass, as they have deep experience across protocol types and will identify structural issues early.
The second audit should come from a firm that approaches your code from an attacker's perspective. HYDN's red team background and penetration testing methodology complement traditional code review by testing how your protocol holds up against real-world attack patterns, including threats beyond the smart contract layer.
The third audit should use a fundamentally different methodology from the first two. If the first two audits were primarily manual review, the third should emphasize formal verification or property-based testing. If the protocol handles very large values, consider firms that use mathematical proofs (such as Certora or Runtime Verification) to verify invariants hold under all possible conditions.
Selecting the right audit firms is one of the most consequential decisions a protocol team will make. Below are the two firms we recommend and work with directly.
Methodology: Deep manual review combined with their proprietary Defender platform for ongoing monitoring. Their auditors follow a structured process: architecture review, threat modeling, line-by-line code analysis, and automated scanning. Reports are among the most detailed in the industry.
Notable clients: Compound, Aave, The Ethereum Foundation, Coinbase, USDC (Circle). Their open-source contract library is used by over 30,000 projects.
Strengths: DeFi protocols, token standards, governance systems, upgradeability patterns. They literally wrote the book on secure Solidity development with their widely-adopted OpenZeppelin Contracts library.
Best for: Teams building core DeFi primitives, token launches, or projects using OpenZeppelin's contract library who want auditors deeply familiar with the underlying code.
Methodology: HYDN combines in-depth smart contract auditing with advanced adversarial simulation (red teaming) and web3 penetration testing. With over 40 years of combined cybersecurity experience, their team assesses safety, functionality, and protection from an attacker's perspective. They specialize in EVM-compatible blockchains.
Notable clients: MetaMask, Bittrex, Sablier, and a16z-backed projects. Their red team has decades of experience fighting APT groups including Lazarus Group.
Strengths: Full-stack security beyond just smart contracts -- web3 penetration testing, adversarial simulation, blockchain consulting, and secure architecture design. Built for organizations that cannot afford to get security wrong.
Best for: Projects that need holistic security covering smart contracts, infrastructure, and operational security. Particularly strong for teams facing nation-state-level threats.
We work directly with both OpenZeppelin and HYDN. Projects referred through Metron receive additional discounts on audit engagements. Get in touch to learn more about our referral program and how we can help you get the best rate for your audit.
A professional smart contract audit follows a structured, multi-phase process. Understanding each phase helps teams prepare effectively and set realistic expectations for timelines and deliverables.
The audit firm reviews your codebase to estimate the effort required. They assess lines of code, contract complexity, external integrations, and the number of auditor-weeks needed. You will receive a proposal with cost, timeline, and team composition. During scoping, the firm may ask questions about your architecture, intended behavior, and known risks.
Your deliverables: Repository access, documentation, deployment scripts, and a clear description of what is in scope versus out of scope.
A kickoff call between your development team and the audit team. The auditors walk through the architecture with your engineers, ask clarifying questions, and align on communication channels. The specific commit hash to be audited is locked at this point -- no further code changes should be made during the audit window.
Key outcome: Both teams have a shared understanding of the system, threat model, and communication expectations. A shared Slack channel or similar real-time communication channel is established for questions during the review.
The core audit work happens here. Auditors perform manual line-by-line review, run automated analysis tools, write custom fuzz tests, and attempt to find exploitable vulnerabilities. Most firms assign 2-4 auditors who work independently before comparing findings to reduce blind spots.
During this phase, auditors may reach out with questions about intended behavior. Respond promptly -- auditor questions often indicate they are investigating a potential issue and a quick answer helps them determine if it is a real vulnerability or intended behavior.
The audit firm delivers a comprehensive report detailing all findings, categorized by severity (Critical, High, Medium, Low, Informational). Each finding includes a description, proof of concept or exploit scenario, affected code, and recommended fix. The report also typically includes an executive summary, methodology description, and overall assessment.
Severity levels:
Your development team addresses each finding. For each issue, you either implement the recommended fix, implement an alternative fix (with justification), or acknowledge the risk and document why it is accepted. All critical and high-severity findings should be fixed. Medium findings should be fixed where practical. Low and informational findings are at your discretion.
Important: Do not introduce new features during remediation. Only fix the reported issues and related code. New functionality requires a new audit scope.
The audit firm reviews your fixes to verify they correctly address the reported issues without introducing new vulnerabilities. This phase is typically included in the original engagement cost for a single round of fixes. The final report is updated with the remediation status of each finding (Fixed, Acknowledged, or Partially Fixed).
The final, public-facing report is produced after this phase. Many protocols publish their audit reports for transparency, which is considered a strong trust signal.
Smart contract auditors examine code for a wide range of vulnerability classes. Below are the most common and dangerous categories, along with Solidity code examples that illustrate how these bugs manifest in practice.
Reentrancy is the most infamous class of smart contract vulnerability. It occurs when a contract makes an external call to another contract before updating its own state, allowing the called contract to "re-enter" the original function and exploit the stale state.
Modern reentrancy attacks are more subtle than the classic example above. Cross-function reentrancy exploits shared state between multiple functions. Read-only reentrancy targets view functions used by other protocols. Always use a reentrancy guard (like OpenZeppelin's ReentrancyGuard) in addition to the Checks-Effects-Interactions pattern.
Before Solidity 0.8.0, arithmetic operations silently wrapped around on overflow and underflow. While Solidity 0.8+ includes built-in overflow checks, contracts using unchecked blocks or older compiler versions remain vulnerable.
Missing or incorrect access control is one of the most common vulnerability classes. Functions that should be restricted to administrators or specific roles are left publicly callable, allowing attackers to execute privileged operations.
DeFi protocols that rely on price oracles are vulnerable to manipulation if they use a single price source or a spot price that can be moved within a single transaction. Attackers exploit this by artificially moving the oracle price (e.g., via a large swap) and then interacting with the vulnerable protocol at the manipulated price.
Flash loans allow users to borrow massive amounts of capital with zero collateral, as long as the loan is repaid within the same transaction. Attackers use this capital to amplify other attack vectors -- particularly oracle manipulation, governance attacks, and arbitrage exploits.
Maximal Extractable Value (MEV) refers to the profit that block builders and searchers can extract by reordering, inserting, or censoring transactions within a block. Front-running is the most common MEV strategy, where an attacker observes a pending transaction in the mempool and submits their own transaction with higher gas to execute first.
Professional auditors also check for: storage collision in proxy patterns, denial of service vectors, signature replay attacks, timestamp dependence, tx.origin authentication, unchecked return values, gas griefing, and logic errors specific to your protocol's business rules. The categories above represent the most frequently exploited classes, not the complete list.
The quality of your audit directly correlates with how well you prepare. A well-prepared codebase means auditors spend their time finding real vulnerabilities instead of deciphering your code. Poor preparation leads to wasted auditor-hours, lower coverage, and a less valuable report.
Auditors will look at your test suite as a signal of code quality and to understand intended behavior. Aim for the following minimums before submitting your code for audit:
| Coverage Type | Minimum Target | Why It Matters |
|---|---|---|
| Line coverage | 90%+ | Ensures all code paths have been exercised at least once |
| Branch coverage | 85%+ | Verifies both sides of every conditional statement are tested |
| Integration tests | All critical flows | Tests contracts interacting with each other, not just in isolation |
| Fuzz tests | Core invariants | Property-based tests that run thousands of random inputs to find edge cases |
| Fork tests | External integrations | Tests against mainnet forks to verify behavior with real external contracts |
One of the most critical preparation steps is a proper code freeze before the audit begins:
solhint, prettier-plugin-solidity, and your formatter of choice.Before sending your code to an audit firm, verify: (1) all tests pass, (2) documentation is current, (3) NatSpec comments are on all public/external functions, (4) you have run Slither or a similar static analyzer and addressed its findings, and (5) your team has done an internal review. This preparation typically saves 20-30% of audit costs by reducing the time auditors spend on obvious issues.
An audit report is a snapshot in time, not a permanent guarantee of security. The work of securing your protocol continues well after the final report is published. The most resilient protocols treat security as an ongoing process, not a one-time checkbox.
Launching a bug bounty program immediately after deployment creates a continuous security review by the broader community. Platforms like Immunefi specialize in Web3 bug bounties and provide the infrastructure to manage submissions, triage reports, and pay bounties.
Deploy monitoring systems that watch your contracts for anomalous behavior in real-time. Key signals to monitor include:
Tools like OpenZeppelin Defender, Forta, and Tenderly provide monitoring and alerting capabilities specifically designed for smart contract operations.
For protocols that use upgradeable proxy patterns (UUPS, Transparent Proxy, Beacon), each upgrade introduces new code that requires its own security review. Best practices include:
Audit costs vary significantly based on codebase complexity, firm reputation, and market demand. The following ranges represent typical pricing as of early 2026. During bull markets, prices and wait times tend to increase as more projects compete for limited auditor bandwidth.
| Protocol Complexity | Lines of Solidity | Typical Duration | Cost Range |
|---|---|---|---|
| Simple Token / NFT | 200 - 500 | 1 - 2 weeks | $10,000 - $30,000 |
| Basic DeFi (Staking, Vesting) | 500 - 1,500 | 2 - 3 weeks | $30,000 - $80,000 |
| Medium DeFi (DEX, Lending) | 1,500 - 4,000 | 3 - 5 weeks | $80,000 - $200,000 |
| Complex DeFi (Derivatives, Bridges) | 4,000 - 10,000 | 5 - 8 weeks | $200,000 - $500,000 |
| Protocol Suite (Full Ecosystem) | 10,000+ | 8 - 16 weeks | $500,000 - $1,500,000+ |
Lines of code is the baseline metric, but complexity matters more. A 2,000-line contract with intricate mathematical formulas, assembly blocks, and cross-contract interactions will cost more to audit than a 5,000-line contract with straightforward CRUD operations. Novel mechanisms that have not been audited before (new bonding curve designs, exotic options, etc.) command premium pricing because auditors cannot rely on patterns from prior engagements.
Top-tier firms (OpenZeppelin, HYDN) command premium rates and often have wait times of 2-6 months. Their reports carry significant weight with investors and the community, which can justify the premium. Referral programs (like ours at Metron) can help reduce costs while maintaining access to top-tier auditors.
Rush audits (requesting priority scheduling) typically carry a 25-50% premium over standard pricing. Some firms offer expedited timelines where they allocate additional auditors to compress the review period. Plan ahead to avoid rush fees -- ideally, book your audit slot 2-3 months before your target deployment date.
Well-documented code with comprehensive test suites reduces the time auditors spend understanding your system, directly lowering the cost. Conversely, poorly documented code with minimal tests increases audit time and cost, because auditors must reverse-engineer intent from the code itself. Some firms offer discounts for projects that meet their documentation and testing standards.
Auditing Solana (Rust), Cosmos (Go), or Move-based contracts (Aptos, Sui) typically costs more than EVM audits due to the smaller pool of qualified auditors. Multi-chain deployments that require auditing the same protocol across multiple VMs further increase costs. Bridges and cross-chain messaging protocols are among the most expensive to audit due to the expanded attack surface.
When planning your security budget, multiply the single-audit cost by three and add 20% for bug bounty program funding. A medium-complexity DeFi protocol should budget $300,000 to $600,000 total for security. This sounds expensive until you compare it to the average exploit loss. Security is the highest-ROI investment a protocol can make.