Multi-chain smart contract audit
Smart contract audits across six chains. Every finding proven on a forked mainnet.
Manual audits on Solana (Anchor / SPL), Cosmos (CosmWasm / IBC), Sui and Aptos (Move), Stellar Soroban, Cairo on StarkNet, and EVM. Every finding ships with a proof-of-exploit transaction on a forked chain, not a CWE row.
The window from vulnerability discovery to exploitation has gone from weeks to hours.
Trusted by security teams across Fintech, SaaS & Education, Enterprise & Telecom, Security & Critical Infrastructure

WHAT EVERY MULTI-CHAIN AUDIT SHIPS.
Three artifacts your auditors expect from a multi-chain smart contract audit.
Per-chain primitives reviewed by name, named bug classes on every finding, plus a redactable sample report you can read before the scoping call.
Anchor account constraints on Solana, IBC packet ordering on Cosmos, Move's borrow checker and resource semantics on Sui and Aptos, Cairo hint isolation on StarkNet.
Cross-chain replay, validator-set bypass on relayers, Solana CPI privilege escalation, Move resource duplication, CosmWasm reply-handler abuse. Each chained into a working PoC on a forked chain.
Redactable PDF with PoC transaction hashes on Solana or Cosmos. Send it to your auditors before the scoping call.
MULTI-CHAIN AUDITS.
Per-chain bug classes across the non-EVM ecosystems we audit.
- 01 Anchor account confusion: Solana programs missing has_one or signer constraints, letting a crafted account substitute as the owner record.
- 02 CosmWasm storage corruption: cw-storage-plus key collisions and unchecked Item overwrites that desync the contract from its own state.
- 03 Move resource leak: Sui and Aptos modules that drop a resource without consuming it, leaving capability tokens addressable after burn.
- 04 Cairo hint bypass: StarkNet contracts where a hint or syscall handler skips the validity check that the on-chain prover assumed.
- 05 Soroban auth gaps: require_auth() missing on a privileged Stellar entrypoint, or an authorized invoker chain that loops back to the attacker.
- 06 Bridge nonce reuse: cross-chain message relays that accept a replayed nonce from the source chain, minting twice for one deposit.
- 07 Oracle and validator drift: price feeds that lag a fork, plus validator slashing conditions that under-penalize equivocation on a young L1.
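The bridge nonce reuse class listed above, as an added example that is not SecureLayer7's code: a toy relay mint handler in Rust, first in the shape that accepts a replayed deposit message, then hardened with a per-source-chain consumed-nonce set. The message fields, chain ids and amounts are constructed for illustration; proof verification is assumed to have already passed.

```rust
// Added example (not the audit firm's code): a minimal cross-chain relay
// mint handler, vulnerable and hardened. Message shape, chain ids and
// amounts are constructed; proof verification is assumed done upstream.
use std::collections::{HashMap, HashSet};

/// Deposit proof relayed from a source chain (constructed shape).
#[derive(Clone, Debug)]
pub struct DepositMsg {
    pub source_chain: u32,
    pub nonce: u64,
    pub recipient: [u8; 32],
    pub amount: u128,
}

/// Vulnerable relay: mints on every valid-looking message. Nothing records
/// which nonces were consumed, so re-submitting one deposit mints twice.
pub struct VulnerableRelay {
    pub balances: HashMap<[u8; 32], u128>,
}

impl VulnerableRelay {
    pub fn new() -> Self { Self { balances: HashMap::new() } }
    pub fn handle(&mut self, msg: &DepositMsg) -> Result<(), &'static str> {
        *self.balances.entry(msg.recipient).or_insert(0) += msg.amount;
        Ok(())
    }
}

/// Hardened relay: the (source_chain, nonce) pair is consumed before
/// minting, so a second submission of the same deposit is rejected.
pub struct HardenedRelay {
    pub balances: HashMap<[u8; 32], u128>,
    processed: HashSet<(u32, u64)>,
}

impl HardenedRelay {
    pub fn new() -> Self { Self { balances: HashMap::new(), processed: HashSet::new() } }
    pub fn handle(&mut self, msg: &DepositMsg) -> Result<(), &'static str> {
        // Keying on the source chain as well as the nonce stops a nonce
        // already used on one chain from being accepted as fresh on another.
        if !self.processed.insert((msg.source_chain, msg.nonce)) {
            return Err("replayed nonce");
        }
        let bal = self.balances.entry(msg.recipient).or_insert(0);
        *bal = bal.checked_add(msg.amount).ok_or("overflow")?;
        Ok(())
    }
}
```

The same replayed message is the fix-verify check: it credits the vulnerable relay twice and is rejected by the hardened one.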
Chains audited.
On record
MULTI-CHAIN AUDIT METHODOLOGY.
Four phases. Per-chain primitives, one artifact.
Same engagement shape across chains. Severity scored against your contract's invariants on its own runtime (Anchor accounts, IBC packets, Move resources). Not a generic checklist.
Threat-model & scope
Roles, assets, invariants, and chain-specific quirks: Solana's account model and rent, Cosmos block re-org and IBC timeouts, Move's resource ownership, Cairo hint trust. Output: a written threat model your dev team signs off before any tooling runs.
Static & chain-aware tooling
Anchor lints and Sealevel attack vectors on Solana; cosmwasm-check and IBC ordering review on Cosmos; Move Prover and the borrow checker on Sui or Aptos; cairo-lint on StarkNet; Slither and Mythril on EVM. Every hit triaged by hand.
Manual exploit research
Findings chained into proof-of-exploit transactions on a forked chain: Solana CPI privilege escalation, account-confusion attacks, Move resource duplication, CosmWasm reply-handler abuse, validator-set bypass on cross-chain relayers, signature replay across chains. Each one ships as bug class plus on-chain PoC.
Report & fix-verify
Severity rated against the CREST-mapped rubric, delivered as a redactable PDF with PoC tx hashes on the relevant chain and diff-style remediation per primitive. Free re-test on the same scope once patches land.
Six contract surfaces. Named bugs on each chain.
Solana with Anchor and SPL, Cosmos with CosmWasm and IBC, Sui and Aptos with Move, Cairo on StarkNet, Soroban on Stellar, and cross-chain bridges. Each surface audited against the bugs that actually break contracts of that shape.
Solana programs (Anchor / SPL)
Missing account constraints, signer confusion, CPI privilege escalation, rent-exemption drain, Sealevel concurrency races, the failure modes Anchor lints miss.
CosmWasm contracts & IBC channels
Reply-handler reentrancy, packet-ordering assumptions, channel-takeover via misconfigured port binding, validator slashing edge cases on cross-chain payloads.
Move modules and resources
Resource duplication and silent drops, borrow-checker bypass through generic types, capability leaks across modules, Move Prover spec gaps that ship as exploits.
Cairo contracts on StarkNet
Hint manipulation when prover and verifier disagree, storage-var collision on upgrades, L1↔L2 message replay, syscall-trust assumptions that an attacker can break.
Cross-chain bridges & messaging
Validator-set update races, signature replay across chains, fee-token misaccounting, malicious source-chain payload, finality assumptions on optimistic withdrawals.
Soroban contracts on Stellar
Authorization-frame skipping, env-context spoofing on host functions, storage-footprint griefing, contract-instance vs persistent storage confusion.
Chain runtimes audited
Solana (Anchor or SPL), Cosmos (CosmWasm or IBC), Sui and Aptos (Move), Cairo on StarkNet, Soroban on Stellar, plus EVM. One researcher lead per engagement, all chains.
See surfaces →
Chain CVEs published
Public CVE records from SL7 research. Open the advisory, read the write-up. Verifiable artifacts, not customer aggregates.
Read disclosures →
Manual review-hours
Per engagement, per auditor pair. Itemised in the sample report on request. Tooling-augmented, never tooling-only.
Request the sample →
Insights
Multi-chain audit Resources.
Audit write-ups across Solana, Cosmos, Move, and Cairo: Anchor account confusion, IBC reply abuse, Move resource leaks, and the cross-chain replay bugs that drain bridges.
Rule of the rig
“A finding without a working proof-of-exploit transaction is a guess. Every severity in our multi-chain audit ships with a forked-chain PoC on Solana, Cosmos, Move, or EVM that your dev team replays locally. Fix-verify means the PoC reverts against the patched contract, not that the diff reads clean.”
Meet your engagement architect
One named lead from scope to close.
John Dill
vCISO at SecureLayer7
200+ engagements scoped
11 chains in coverage
14 yr SL7 offensive lineage
Multi-chain audits start with scope, not code. John maps your contracts, invariants, and chain assumptions (Anchor accounts, IBC packets, Move resources) into a written engagement plan, then brings in the auditor pod that signs the report.
Read the redactable sample report.
Pick a 30-minute slot. We will scope your engagement on the call.
Book a 30-min call
AI in our engagements
Where AI runs. Where a human signs.
AI accelerates recon, account-graph mapping across Solana programs and CosmWasm modules, and report drafting. CREST-accredited researchers chain the exploit on each chain's own runtime and sign every finding. We publish the handoff per phase so your auditor can read it.
Deep dive on EVM
Need a pure-EVM audit?
Solidity, Vyper, Yul, ERC-4337 paymasters, EIP-7702 delegation, ERC-4626 vaults, and L2 bridges on Arbitrum, Optimism and Base are covered on a dedicated audit page. Same auditors, same forked-mainnet proof-of-exploit deliverable.
Tested by industry.
The bug classes named below come from real engagements in each sector. Pick the closest fit.
Built for Saudi Arabia engagements
What changes when we deliver here.
Compliance scoping
SAMA fintech sandbox graduation language in the report
Regulatory framework
PDPL on-chain personal-data scoping per finding
Local engagements
Riyadh tokenisation startup passed SAMA sandbox audit on first try
Local pricing
SAR per-contract pricing with VAT 15%
Compliance scoping
Test signing keys sealed in KSA HSM
Smart contract questions from KSA Web3 founders.
Does the audit support Fintech Saudi sandbox exit?
Yes. Contract findings are written so SAMA sandbox reviewers see the rules in plain language. The sandbox graduation file is shorter.
How is PDPL covered for on-chain data?
We map any personal data written on-chain to PDPL Article scope. Off-chain mitigations are recommended row by row.
Which chains do you cover?
EVM (Ethereum, Polygon, Arbitrum, BNB) and non-EVM (Solana, TON, Cosmos) audits are run with chain-specific rubrics.
Where do signing keys sit during testing?
Test signing keys stay in a KSA HSM or jump host. Production multisig keys are not requested at any stage.
Delivery in Saudi Arabia
Smart contract audit for KSA fintech sandbox.
EVM and non-EVM contract findings cite SAMA fintech sandbox guidance and PDPL data rules. SAR-denominated, KSA-region key handling.
- Direct line
- +966-11-000-0000
- Office
- Riyadh, Saudi Arabia
Frameworks scoped: NCA ECC · SAMA CSF · PDPL · ISO/IEC 27001.
Sample audit report
Read a Solana or Cosmos sample report.
A redactable PDF: Solana account-confusion finding or CosmWasm reply-handler exploit. Shows the CREST-mapped severity rubric, the on-chain PoC, and diff-style remediation. Sent on request after a short scoping call.