Tier List
Web3 Audit Firm Tiers
A heuristic ranking based on published audit reports, incident history, depth of tooling, and industry reputation. Within each tier, firms are grouped by their primary focus area.
S Tier
Industry top tier. The standard for major protocols. High cost and long queues.
General Smart Contract
Trail of Bits
Known for deep security research and formal verification capability.
Clients MakerDAO, Compound, Uniswap
OpenZeppelin
Maintainer of the ERC standard library; the de facto DeFi standard.
Clients Compound, Aave, The Graph
Zellic
CTF-trained researchers. Strong in L1/L2 protocols and ZK systems.
Clients Sui, Aptos, MystenLabs
Asymmetric Research
Elite researchers including ex-Jump alums. Known for high-stakes incident analysis.
Clients Wormhole, Jito, MystenLabs

Sigma Prime
Authoritative in Ethereum consensus and client engineering.
Clients Ethereum Foundation, Lighthouse
Formal Verification
A+ Tier
Near-S reputation. Frequently chosen by major protocols.
General Smart Contract
ConsenSys Diligence
Recently focused on internal ConsenSys products such as MetaMask and Linea.
Clients MetaMask, Linea, Aave (legacy)

Spearbit
Top-tier independent researcher matching model. Boutique style.
Clients Optimism, ENS, Connext
ChainSecurity
ETH Zurich roots. Academic depth and proprietary formal-analysis tooling.
Clients Curve, Lido, Yearn
Cantina
Successor to the Spearbit marketplace. Top-tier researcher pool.
Clients Wormhole, EigenLayer
Ottersec
Quickly built a reputation in the Solana and Move ecosystems.
Clients Jito, Marginfi, Drift
ChainLight
Korea-based security research team. Subsidiary of the Web2 security firm Theori.
Clients Optimism, Polygon, Abstract
Hexens
Well known for its zero-compromise record. Covers both general smart contract and cryptography work.
Clients Polygon, Lens, 1inch
MoveBit
BitsLab-affiliated specialist for the Move language.
Clients Aptos ecosystem, Sui ecosystem
Cryptography & ZK
Nethermind Security
Security arm of the Nethermind client team. Covers both Cairo and EVM.
Clients Starknet, Aave
Least Authority
Veteran in cryptography and privacy. Strong on ZK and protocol-level work.
Clients Tezos, Filecoin, Ethereum 2.0
Verichains
Vietnam-based. Strong cryptography background. Participated in the Ronin incident analysis.
Clients Ronin, BNB Chain
A Tier
Proven capability. Trusted by major DeFi and L1/L2 projects.
General Smart Contract
Code4rena
Public audit contest format. Strength is many independent eyes.
Clients ENS, Connext, Olympus
Sherlock
Hybrid of audit contest and on-chain coverage.
Clients LayerZero, Perennial, Symmetric
Macro
Boutique founded by ex-Coinbase engineers.
Clients Optimism, Reserve, Worldcoin
Dedaub
Static analysis strength behind the Watchdog decompiler.
Clients Lido, Yearn, Chainlink
Pashov Audit Group
Boutique led by Krum Pashov. Fast turnaround and high signal-to-noise.
Clients Ethena, Karak, Sofamon

Electisec
Rebrand of yAudit and yAcademy. Boutique audits backed by an independent fellowship pool.
Clients Yearn, Cap, Cove
Recon
Invariant-testing specialist using Echidna, Medusa, and Halmos. Strong on accounting and economic bugs that manual review misses.
Clients Liquity, Centrifuge, Badger, Balancer
Cyfrin
Led by Patrick Collins. Maintainer of the Aderyn static analyzer.
Clients Beanstalk, Eigen Foundation
Three Sigma
Audit work combined with quantitative analysis. Strong on financial modeling verification.
Clients Maple Finance, GMX
Statemind
Standout in DeFi and LSD work. Frequently demonstrates concrete exploits.
Clients 1inch, Lido, Curve
Oak Security
De facto standard firm in the Cosmos and CosmWasm ecosystems.
Clients Osmosis, Mars Protocol
BlockSec
Security group best known for the Phalcon monitoring platform.
Clients Compound, Trader Joe
Ackee Blockchain
Maintainer of the Wake toolkit. Covers EVM and Solana.
Clients Lido, Trezor
Renascence Labs
DeFi mechanic-analysis boutique. Small but strong reputation.
Clients Bunni, Ekubo
Trust Security
Boutique that grew out of Trust1995's (Anatomist) solo audit reputation.
Clients Various DeFi, Solo audits
Guardian Audits
DeFi-focused boutique. Active in the Arbitrum ecosystem.
Clients GMX, Arbitrum ecosystem
Paladin
DeFi-focused boutique using a freelance researcher network model.
Clients LayerZero, Trader Joe, Avalanche
Pessimistic
Long-running Russia-based firm. Solid output.
Clients 1inch, Curve, Pickle
MixBytes
Veteran EU/CIS firm. Broad DeFi coverage.
Clients Lido, 1inch, Yearn
Coinspect
Veteran boutique specialized in wallet and mobile security.
Clients MetaMask, Argent
Decurity
Deep DeFi-mechanic expertise. Small precision boutique.
Clients Convex, Frax
TonBit
BitsLab-affiliated specialist for the TON ecosystem.
Clients TON ecosystem
B Tier
Mid-tier firms competing on price, formerly active firms with declining output, or firms whose reputation has eroded from frequent client incidents.
General Smart Contract
Halborn
Combined smart contract audits and infrastructure penetration testing.
Clients Solana, Avalanche, THORChain
Quantstamp
Early DeFi audit firm. Broad portfolio.
Clients Maker, Solana, BNB Chain
Sec3
Solana-focused, combining audits with the X-ray automated analysis tool.
Clients Drift, Mango, MarginFi
PeckShield
Famous for on-chain threat-intelligence posts.
Clients BNB Chain ecosystem
SlowMist
Strong in Asia-region incident tracing and response.
Clients Binance, OKX, Huobi
Hacken
Broad service offering. Most active in exchange and wallet security.
Clients Polygon, Huobi, VeChain
QuillAudits
Fast-turnaround mid-tier. India-based, large-scale operation.
Clients Polygon, 0x
Salus
Active in ZK. Many researchers from Silicon Valley backgrounds.
Clients Linea, Manta
Iosiro
Deep Synthetix-ecosystem expertise. Based in South Africa.
Clients Synthetix, Kwenta
Composable Security
EU-based boutique. Narrow but deep specialty.
Clients Beefy, Mean Finance
Solidified
Active in the early DeFi era. Marketplace model.
Clients TheGraph, BarnBridge
Coinfabrik
Latin America-based veteran. Strong in RSK and Polkadot.
Clients RIF, Polkadot ecosystem
Hashlock
Australia-based mid-tier firm. Reasonable pricing.
Clients Pendle, Various
Zokyo
North America-based mid-tier. Broad security service offering.
Clients Various DeFi
ScaleBit
BlockSec-affiliated firm specialized in scaling and L2 work.
Clients Various L2
SharkTeam
Asia-region threat intelligence combined with audits.
Clients Asian ecosystem
Security Research Labs
Germany's SRLabs. Long-running general security firm now expanding into Web3.
Clients Various
CertiK
Smart contract audits draw quality-variance criticism, but the Web2 audit team (Skynet) has been showing meaningful recent activity.
Clients Wide BSC and altcoin coverage
C Tier
Low-cost mass-production auditors, or firms with thin track records and no major project audits.
General Smart Contract
BAIL Security
Newer boutique. High volume of small DeFi engagements.
Clients Various mid-cap DeFi
Resonance Security
Formerly Cyber Unit. Combined infrastructure and contract security.
Clients Various
Sayfer
Israel-based. Many CTF-trained researchers.
Clients Various
Omniscia
General DeFi-focused mid-tier firm.
Clients Various DeFi
Bunzz Audit
Japan-based. Hybrid of automated analysis and manual review.
Clients Japanese Web3 ecosystem
WatchPug
Long-running mid-tier boutique.
Clients Various
Oxorio
EU-based mid-tier firm.
Clients Various EU DeFi

BlockApex
Pakistan-based mid-tier. Reasonable pricing.
Clients Various

Blaize.security
Ukraine-based mid-tier with broad DeFi coverage.
Clients Various
MetaTrust Labs
Singapore-based. Emphasizes AI-assisted analysis.
Clients Various
Softstack
EU-based mid-tier firm.
Clients Various
Beosin
Active with Asia-region small and mid-cap projects. Broad portfolio.
Clients Aptos ecosystem, Bytetrade
Solidity Finance
Low-cost fast-turnaround model. Narrow scope.
Clients Mid-cap DeFi
SmartState
Mostly works with smaller projects. Low entry pricing.
Clients Various small-cap
BlockSafu
Low-cost option focused on BSC tokens.
Clients Various BSC tokens
Audit One
Security service attached to a staking operator. Low-cost option.
Clients Smaller protocols
DeFiSafety
Process-maturity scoring service rather than a security audit.
Clients DeFi protocols (process audits)
Red4Sec
Spain-based general security firm. Also covers Web3 work.
Clients Various
Armors
Newer firm emphasizing AI-assisted analysis.
Clients Various
Team Omega
Newer mass-market firm.
Clients Various
DeFiMoon
Newer DeFi-focused mass-market firm.
Clients Various small DeFi
0xGuard
Mass-market firm focused on token issuers.
Clients Various tokens
Rugdog
Token screening service focused on rug detection.
Clients Various tokens

Securr
Newer mass-market firm.
Clients Various
Audita
Newer mass-market firm.
Clients Various
Monethic
Newer mass-market firm.
Clients Various
Advix
Newer firm emphasizing AI.
Clients Various
Mosaia
Newer mass-market firm.
Clients Various
Hakflow
Newer mass-market firm.
Clients Various
SCV Security
Newer mass-market firm.
Clients Various
0xTeam
Newer mass-market firm.
Clients Various
BugBlow
Newer mass-market firm.
Clients Various
SecureDApp
India-based mass-market firm.
Clients Various
Safe Edges
Newer mass-market firm.
Clients Various
Perimeter
Newer boutique.
Clients Various
Null Return
Newer mass-market firm.
Clients Various
ChainAudits
Newer mass-market firm.
Clients Various
Adevar Labs
Newer mass-market firm.
Clients Various
Sub 7 Security
Newer mass-market firm.
Clients Various
TechRate
Low-cost mass-market firm focused on BSC and SCAN tokens.
Clients BSC and altcoin tokens
Cyberscope
Combined KYC and audit service for token issuers.
Clients Various tokens
Solidproof
Germany-based low-cost firm. Fast turnaround with standardized reports.
Clients Various tokens
Hashex
CIS-based low-cost option. Broad token coverage.
Clients Various
InterFi Network
BSC mass-market. Issuer-friendly report style.
Clients BSC tokens
Shellboxes
Morocco-based low-cost firm. Fast-turnaround offering.
Clients Various