Is Your Project Safe From Hackers?

Staking

We have audited multiple Lido staking implementations, EigenLayer modules and Staking for Zircuit. In particular EigenLayer's middleware and AVS such as EigenDA was audited by our team. Collectively, these projects handle over $40B. A number of High severity issues in these projects were identified as part of our audits.

Decentralized Exchanges

Whether it's a novel constant-function market maker or a fork of an existing protocol, our team is fully prepared. For example, we've recently identified a high severity CVE in live Uniswap smart contracts (CVE-2022-48216), which led to redeployments on all affected chains. Our team has also worked with Maverick, where we found a critical vulnerability allowing infinite minting for pool shares. We can also help secure Dex integrations, such as Uniswap V3 position managers. In an audit for Maple Finance we found 3 distinct critical and high-severity vulnerabilities related to AMM integrations.

DeFi

The Dedaub team has made several security contributions for DeFi, directly auditing some of the best known protocols. Example include multiple audits for Lido. Findings include a critical issue that allows price manipulation between the base and staked token, that can result in a theft of funds. The team has also audited Pendle smart contracts. The team discovered a high-severity CVE in a live version of Uniswap's UniversalRouter. More recently, the team also performed audits for GMX V2, Liquity V2, as well as EigenLayer, finding high-severity issues for all 3 teams. Finally, many modern DeFi protocols are underpinned by Chainlink Oracles, stablecoins such as USDC, and the evolution of the EVM. Our team has also been involved in securing these too.

L1s - L2s

The Dedaub team has been particularly impactful for L1s. For the Ethereum Foundation we have audited and performed impact studies for a variety of EIPs over the years, including EIP-1884, EIP-3074, EIP-4788, EIP-6780, Verkle Trees and others. With our help the Ethereum community was able to derisk network upgrades, and preemptively find issues or tweak EIPs to minimize impact. Through our distinctive tech we can also pinpoint projects that would be adversely affected by network updgrades. For instance, for EIP-3074 we identified Sushiswap and older versions of Compound. Our team can also conduct audits of sequencers, node implementations in GoLang, consensus protocols and evaluate compatibility of EVM-based chains.

NFTs

Our work in NFTs includes audits for the world largest decentralized NFT exchange, Blur. Notably our team has found access control issues allowing anyone to be able to execute arbitrary transactions on a user's proxy, together with high severity denial of attack issues.

Oracles

As a long-term security partner of Chainlink, our team has conducted over 30 private audits targeting most components of the Chainlink stack. DeFi protocols incessently rely on fair and accurate price and cross-chain data connectivity. Our team has also audited Oracle integrations, that in addition to Chainlink utilize Pyth, Uniswap TWAP oracles.

Stablecoins

Our team has audited implementations of the USDC and TUSD stablecoins, developed by Coinbase and Archblock respectively.

Bridges

Unfortunately, the world's largest hacks (by financial value) involve bridges. In 2022, our team proactively detected vulnerability in a large decentralized bridge and demonstrated via a PoC how all the funds moved to the Fantom chain could be stolen in a single transaction, yielding over $1B in profit. Our team was subsequently awarded a $2m bounty for this find. Dedaub also successfully audited Chainlink CCIP, which, in our view, is one of the most secure bridges to date.