EVM + L2 smart contract audit

EVM + L2 audits on Ethereum, Arbitrum, Optimism, and Base, with a forked-mainnet PoC.

Manual line-by-line smart contract audit of Solidity, Vyper, and Yul. ERC-4337 paymasters, EIP-7702 delegation, ERC-4626 vaults, MEV-aware ordering, L2 bridges on Arbitrum, Optimism, Base, Scroll, and zkSync. Every finding ships with a forked-mainnet proof-of-exploit transaction, not a CWE row.

Why now

The window from vulnerability discovery to exploitation has gone from weeks to hours.

Trusted by security teams across Fintech, SaaS & Education, Enterprise & Telecom, Security & Critical Infrastructure

Airbase
Quiltt
Pacvue
Imagine Learning

WHAT EVERY EVM AUDIT SHIPS.

Three artifacts a treasury or board reviewer asks for after deploy.

Forked-mainnet PoC, ERC and EIP conformance read at the Yul level, plus L2-specific replay surface. The artifacts every treasury and board reviewer asks for after deploy.

Opcode-level read
YUL

Solidity and Vyper reviewed line by line. The compiled Yul checked against the source for opcode-level surprises: SLOAD ordering, MSTORE corruption, jump-table abuse, return-data overflow.

Forked-mainnet PoC
0x…

Every finding reproduced as a Foundry or Echidna PoC against the actual deployed state. Reentrancy classes (single-function, cross-function, read-only), ERC-4337 paymaster takeover, ERC-4626 share inflation, MEV sandwich, EIP-7702 delegation drift.

Cross-domain replay
L2

Arbitrum, Optimism, Base, Scroll, zkSync. L1 to L2 messaging, nonce reuse on the bridge, finality assumptions on optimistic withdrawals, precompile-equivalence gaps versus L1.

EVM-SIDE FINDINGS.

EVM and L2 classes the standard checklist will not surface.

180+
  1. Reentrancy, three flavors

     Single-function, cross-function, and read-only reentrancy reproduced against forked mainnet with a Foundry exploit test.

  2. ERC-4337 paymaster takeover

     Sponsorship logic where a crafted UserOperation drains the paymaster deposit or pins gas onto an unrelated bundler.

  3. EIP-7702 delegation drift

     Delegated EOAs that keep authority across a session boundary, letting an old code pointer execute on new state.

  4. ERC-4626 share inflation

     First-deposit donation attacks against vaults, plus rounding that quietly transfers value from late depositors to the donor.

  5. L2 bridge nonce reuse

     Optimism and Arbitrum withdrawal proofs replayed against a stale message root, or sequencer ordering used to front-run finalization.

  6. MEV sandwich and JIT

     Slippage tolerances and TWAP windows tuned so a searcher can wrap the victim swap profitably inside one block.

  7. Yul and assembly slips

     Hand-written Yul that skips a calldata bounds check, or inline assembly that clobbers the free memory pointer.

On record

  • CREST accredited
  • ISO/IEC 27001

EVM AUDIT METHODOLOGY.

Four phases. Solidity, Yul, and MEV under one rubric.

Same engagement shape as the parent audit, scoped to EVM-specific surface area: storage layout and Yul opcodes, reentrancy across all three classes, MEV-aware ordering, account abstraction, and L2 cross-domain calls.

  1. Threat-model & scope
  2. Static, symbolic, fuzzing
  3. Manual exploit research
  4. Report & fix-verify

Six EVM contract shapes. Named bugs in each.

Solidity, Vyper, and Yul on EVM L1, L2s (Arbitrum, Optimism, Base, Scroll, zkSync), and EVM-compatible chains (Polygon, BSC, Avalanche). Each surface audited against the EVM-specific bugs that actually break contracts of that shape.

Account abstraction & paymasters

Paymaster takeover via unbounded validation gas, entry-point trust assumptions, bundler-griefing, userOp replay across chains, signature aggregation edge cases.

EOA delegation (EIP-7702)

Delegation-target drift between signing and execution, nonce-tracking gaps, authorization-list replay, downgrade attacks when delegation is cleared, storage collisions inside the delegate.

Vaults and yield (ERC-4626)

First-deposit share inflation, rounding-direction abuse on convertToShares, hook-based reentrancy on deposit/withdraw, accounting drift across rebases and fee streams.
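The first-deposit share inflation named in finding 04 above and in this vault paragraph, as an added example that is not part of this page or SecureLayer7's tooling: a Python integer model of the naive ERC-4626 share formula beside the virtual shares/assets offset mitigation (the decimals-offset approach OpenZeppelin's ERC4626 uses). The Vault class, account names and amounts are constructed; Solidity's integer division is modelled with `//`.

```python
# Added example (constructed, not a real contract): integer model of ERC-4626
# share accounting. offset=None is the naive formula; an integer offset d is the
# virtual shares/assets mitigation: shares = assets*(supply+10**d)//(held+1).
class Vault:
    def __init__(self, offset=None):
        self.total_assets = 0   # tokens held by the vault, donations included
        self.total_supply = 0   # shares actually minted (virtual ones excluded)
        self.offset = offset
        self.balances = {}

    def convert_to_shares(self, assets):
        if self.offset is None:                      # naive ERC-4626
            if self.total_supply == 0:
                return assets                        # first depositor: 1:1
            return assets * self.total_supply // self.total_assets
        return assets * (self.total_supply + 10 ** self.offset) // (self.total_assets + 1)

    def convert_to_assets(self, shares):
        if self.offset is None:
            return shares * self.total_assets // self.total_supply
        return shares * (self.total_assets + 1) // (self.total_supply + 10 ** self.offset)

    def deposit(self, who, assets):
        shares = self.convert_to_shares(assets)      # rounds down, like Solidity
        self.total_assets += assets
        self.total_supply += shares
        self.balances[who] = self.balances.get(who, 0) + shares
        return shares

    def donate(self, assets):
        self.total_assets += assets                  # direct ERC-20 transfer: no shares minted

    def redeem(self, who, shares):
        assets = self.convert_to_assets(shares)
        self.balances[who] -= shares
        self.total_supply -= shares
        self.total_assets -= assets
        return assets


def inflation_scenario(vault, donation=10**18, victim_deposit=10**18):
    """Attacker deposits 1 wei and donates; the victim deposits afterwards.
    Returns (victim_shares, victim_assets_back, attacker_assets_back)."""
    vault.deposit("attacker", 1)
    vault.donate(donation)
    victim_shares = vault.deposit("victim", victim_deposit)
    victim_back = vault.redeem("victim", victim_shares) if victim_shares else 0
    attacker_back = vault.redeem("attacker", vault.balances["attacker"])
    return victim_shares, victim_back, attacker_back
```

In the naive vault the victim is minted 0 shares and the attacker redeems the whole pot; with `offset=6` the victim keeps over 99.9999% of the deposit and the donation becomes a loss for the attacker, which is the property a fix-verify PoC should assert rather than reading the diff.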

Reentrancy classes & MEV

Single-function, cross-function, and read-only reentrancy. MEV sandwich, back-run on oracle update, time-bandit reorg risk, JIT liquidity griefing on AMMs, written into the audit as named classes.

L2 bridges & cross-domain calls

L1↔L2 nonce reuse, cross-domain messenger spoofing, finality assumptions on optimistic withdrawals, fee-token misaccounting on Arbitrum, Optimism, Base, Scroll, zkSync.

Yul, opcodes, upgradeable proxies

Yul output diffed against Solidity intent; storage-slot collisions on UUPS, Transparent, and Diamond; uninitialized implementations; delegatecall context confusion through guards.

10 EVM chains in coverage

Ethereum L1 plus L2s (Arbitrum, Optimism, Base, Scroll, zkSync, Linea) and EVM-compatible chains (Polygon, BSC, Avalanche). Solidity, Vyper, and Yul reviewed by the same auditor pair.

See surfaces

9+ EVM CVEs published

Public CVE records from SL7 EVM research. Open the advisory, read the write-up. Verifiable artifacts, not customer aggregates.

Read disclosures

240+ manual review-hours

Per EVM engagement, per auditor pair. Itemised in the sample report on request. Foundry and Echidna augmented, never tooling-only.

Request the sample

Rule of the rig

A finding without a forked-mainnet transaction is a guess. Every severity in our EVM audit ships with a Foundry PoC against the actual deployed bytecode: single-function, cross-function, or read-only reentrancy; ERC-4337 paymaster takeover; L2 nonce reuse. Fix-verify means the PoC reverts on the patched contract, not that the diff reads clean.

Lead smart-contract auditor, SecureLayer7. Verified Gartner review.

Meet your engagement lead

One named lead from scope to close.

John Dill

vCISO at SecureLayer7

200+ engagements scoped

11 chains in coverage

14 yr SL7 offensive lineage

EVM audits start with scope, not code. John maps your Solidity contracts, storage layout, ERC and EIP conformance, and L2 cross-domain surface into a written engagement plan, then brings in the auditor pod that signs the report.

Read the redactable sample report.
John Dill, vCISO at SecureLayer7

Pick a 30-minute slot. We will scope your engagement on the call.

Book a 30-min call

AI in our engagements

Where AI runs. Where a human signs.

AI accelerates recon, ABI mapping, and Foundry test scaffolding. CREST-accredited researchers chain the exploit at the Solidity and Yul level and sign every finding. We publish the handoff per phase so your auditor can read it.

How AI fits in EVM audits

Tested by industry.

The bug classes named below come from real engagements in each sector. Pick the closest fit.

FinTech

DeFi protocols, custody contracts, on-chain payment rails, lending logic.

Tech SaaS

Web3 SaaS contracts, oracles, governance flows, upgrade-path safety.

Built for United Arab Emirates engagements

What changes when we deliver here.

  • Compliance scoping

    Findings tagged to VARA Issuance of Virtual Assets rulebook

  • Regulatory framework

    ADGM DLT framework mapping for FSRA-regulated issuers

  • Local engagements

    Audited a UAE-issued stablecoin's mint and burn paths

  • Local pricing

    AED quotes; per-contract with LoC band and chain band

  • Compliance scoping

    Foundry, Echidna, Halmos artifacts kept with report

Ethereum-audit questions UAE issuers ask.

  • Do you audit VARA-licensed stablecoins?

    Yes. The Issuance of Virtual Assets rulebook expectations form the pass-fail line. Findings cite the rule clause and the contract function affected.

  • Which L2s are covered?

    Arbitrum, Optimism, Base, zkSync Era, Polygon zkEVM, Scroll. Bridge contracts on both sides are reviewed. Findings name chain and contract.

  • Are upgrade patterns reviewed?

    Yes. UUPS, Transparent, Beacon, and Diamond. Storage-collision and initializer-skip paths tested. VARA upgrade-disclosure rule cited.

  • Do you test against Foundry and Echidna corpora?

    Yes. Fuzz, invariant, and formal tests run side-by-side with manual review. Logs are kept for the VARA inspection record.

Delivery in United Arab Emirates

VARA stablecoin + ADGM DLT aligned.

Solidity and Vyper findings cite VARA Issuance of Virtual Assets rulebook and ADGM DLT framework. Foundry, Echidna, and Halmos logs are kept with the report.

Direct line
+971-4-123-4567
Office
Dubai, UAE

Frameworks scoped: UAE IAS · NESA · ADHICS · PCI DSS · ISO/IEC 27001.

Sample audit report cover (image): a hairline document titled AUDIT REPORT with a small CONFIDENTIAL stamp and three redacted finding bars beneath; the top row carries an orange severity dot and the truncated tx hash 0x…74e3.

EVM sample audit report

See a forked-mainnet ERC-4626 PoC.

A redacted EVM audit report: every finding mapped to a forked-mainnet tx hash, every remediation tied to exact Solidity and Yul lines. ERC-4337 paymaster and L2 bridge findings included.