Multi-chain smart contract audit

Smart contract audits across six chains. Every finding proven on a forked mainnet.

Manual audits on Solana (Anchor / SPL), Cosmos (CosmWasm / IBC), Sui and Aptos (Move), Stellar Soroban, Cairo on StarkNet, and EVM. Every finding ships with a proof-of-exploit transaction on a forked chain, not a CWE row.

Why now

One reentrancy or storage-slot collision drains the treasury before the next block.

Trusted by security teams across Fintech, SaaS & Education, Enterprise & Telecom, Security & Critical Infrastructure

Airbase
Quiltt
Pacvue
Imagine Learning

WHAT EVERY MULTI-CHAIN AUDIT SHIPS.

Three artifacts your auditors expect from a multi-chain smart contract audit.

Per-chain primitives reviewed by name, named bug classes on every finding, plus a redactable sample report you can read before the scoping call.

Per-chain primitives
ANCHOR · IBC · MOVE

Anchor account constraints on Solana, IBC packet ordering on Cosmos, Move's borrow checker and resource semantics on Sui and Aptos, Cairo hint isolation on StarkNet.

Named bug classes
PoC tx

Cross-chain replay, validator-set bypass on relayers, Solana CPI privilege escalation, Move resource duplication, CosmWasm reply-handler abuse. Each chained into a working PoC on a forked chain.

Sample report
PDF

Redactable PDF with PoC transaction hashes on Solana or Cosmos. Send it to your auditors before the scoping call.

MULTI-CHAIN AUDITS.

Per-chain bug classes across the non-EVM ecosystems we audit.

1. Anchor account confusion

   Solana programs missing has_one or signer constraints, letting a crafted account substitute as the owner record.

2. CosmWasm storage corruption

   cw-storage-plus key collisions and unchecked Item overwrites that desync the contract from its own state.

3. Move resource leak

   Sui and Aptos modules that give a resource a drop or copy ability it should not carry, or park a capability where it stays reachable after it was supposedly burned.

4. Cairo hint bypass

   StarkNet contracts where a value supplied by a hint or a syscall result is never re-checked in the Cairo code itself, so whoever runs the prover can pass what the on-chain verifier assumed had been validated.

5. Soroban auth gaps

   require_auth() missing on a privileged Stellar entrypoint, or an authorized invoker chain that loops back to the attacker.

6. Bridge nonce reuse

   Cross-chain message relays that accept a replayed nonce from the source chain, minting twice for one deposit.

7. Oracle and validator drift

   Price feeds that lag a fork, plus validator slashing conditions that under-penalize equivocation on a young L1.

Chains audited.

On record

  • ISO/IEC 27001
  • CERT-In empanelled auditor
  • CREST accredited
  • AICPA SOC 2 Type II

MULTI-CHAIN AUDIT METHODOLOGY.

Four phases. Per-chain primitives, one artifact.

Same engagement shape across chains. Severity scored against your contract's invariants on its own runtime (Anchor accounts, IBC packets, Move resources). Not a generic checklist.

01

Threat-model & scope

Roles, assets, invariants, and chain-specific quirks: Solana's account model and rent, Cosmos block re-org and IBC timeouts, Move's resource ownership, Cairo hint trust. Output: a written threat model your dev team signs off before any tooling runs.

02

Static & chain-aware tooling

Anchor lints and Sealevel attack vectors on Solana; cosmwasm-check and IBC ordering review on Cosmos; Move Prover and the borrow checker on Sui or Aptos; cairo-lint on StarkNet; Slither and Mythril on EVM. Every hit triaged by hand.

03

Manual exploit research

Findings chained into proof-of-exploit transactions on a forked chain: Solana CPI privilege escalation, account-confusion attacks, Move resource duplication, CosmWasm reply-handler abuse, validator-set bypass on cross-chain relayers, signature replay across chains. Each one ships as bug class plus on-chain PoC.

04

Report & fix-verify

Severity rated against the CREST-mapped rubric, delivered as a redactable PDF with PoC tx hashes on the relevant chain and diff-style remediation per primitive. Free re-test on the same scope once patches land.

Six contract surfaces. Named bugs on each chain.

Solana with Anchor and SPL, Cosmos with CosmWasm and IBC, Sui and Aptos with Move, Cairo on StarkNet, Soroban on Stellar, and cross-chain bridges. Each surface audited against the bugs that actually break contracts of that shape.

Solana programs (Anchor / SPL)

Missing account constraints, signer confusion, CPI privilege escalation, rent-exemption drain, Sealevel concurrency races, the failure modes Anchor lints miss.
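The account-confusion and signer-confusion classes above, as an added example that is not code from this page or from SecureLayer7: a std-only Rust model of the checks Anchor's Account (owner check), has_one = authority and Signer constraints expand to, beside a handler that omits them. No Anchor or SPL crate is used; Account, Error, withdraw_vulnerable, withdraw_hardened and the key constants are hypothetical stand-ins for the runtime types. Each PoC returns the handler result and the vault balance afterwards, so the same two scenarios double as the fix-verify check: the exploit that succeeds against the vulnerable handler must fail against the hardened one.

```rust
// Added example, not from the page or from SecureLayer7. Std-only model of
// Solana account validation; all names and keys are hypothetical.

type Pubkey = [u8; 32];

/// Stand-in for an account as the runtime passes it into a program.
#[derive(Clone, Debug)]
struct Account {
    key: Pubkey,
    owner: Pubkey,   // program allowed to write the account's data
    is_signer: bool, // did this key sign the transaction?
    lamports: u64,
    data: Vec<u8>,   // for the owner record: the 32-byte admin pubkey
}

#[derive(Debug, PartialEq)]
enum Error { MissingSigner, WrongOwner, HasOneViolated, InsufficientFunds, BadData }

/// Read the admin pubkey stored in the owner-record account.
fn admin_of(record: &Account) -> Result<Pubkey, Error> {
    if record.data.len() < 32 {
        return Err(Error::BadData);
    }
    let mut k = [0u8; 32];
    k.copy_from_slice(&record.data[..32]);
    Ok(k)
}

fn move_lamports(vault: &mut Account, dest: &mut Account, amount: u64) -> Result<(), Error> {
    if vault.lamports < amount {
        return Err(Error::InsufficientFunds);
    }
    vault.lamports -= amount;
    dest.lamports += amount;
    Ok(())
}

/// Vulnerable: compares the stored admin with `authority.key`, but never asks
/// who owns `record` or whether `authority` actually signed.
fn withdraw_vulnerable(_program_id: &Pubkey, record: &Account, authority: &Account,
                       vault: &mut Account, dest: &mut Account, amount: u64) -> Result<(), Error> {
    if admin_of(record)? != authority.key {
        return Err(Error::HasOneViolated);
    }
    move_lamports(vault, dest, amount)
}

/// Hardened: owner check on program-owned accounts, signer check on the
/// authority, then the has_one relation. Order matters: a record the program
/// does not own carries no trustworthy data to compare against.
fn withdraw_hardened(program_id: &Pubkey, record: &Account, authority: &Account,
                     vault: &mut Account, dest: &mut Account, amount: u64) -> Result<(), Error> {
    if record.owner != *program_id || vault.owner != *program_id {
        return Err(Error::WrongOwner);
    }
    if !authority.is_signer {
        return Err(Error::MissingSigner);
    }
    if admin_of(record)? != authority.key {
        return Err(Error::HasOneViolated);
    }
    move_lamports(vault, dest, amount)
}

// Constructed keys for the scenarios below (not real addresses).
const PROGRAM: Pubkey = [1u8; 32];
const REAL_ADMIN: Pubkey = [2u8; 32];
const ATTACKER: Pubkey = [3u8; 32];
const ATTACKER_PROGRAM: Pubkey = [5u8; 32];
const SYSTEM: Pubkey = [0u8; 32];
const VAULT_BALANCE: u64 = 1_000_000;

fn vault() -> Account {
    Account { key: [4u8; 32], owner: PROGRAM, is_signer: false, lamports: VAULT_BALANCE, data: vec![] }
}

fn dest() -> Account {
    Account { key: [7u8; 32], owner: SYSTEM, is_signer: false, lamports: 0, data: vec![] }
}

fn run(hardened: bool, record: &Account, authority: &Account) -> (Result<(), Error>, u64) {
    let (mut v, mut d) = (vault(), dest());
    let r = if hardened {
        withdraw_hardened(&PROGRAM, record, authority, &mut v, &mut d, VAULT_BALANCE)
    } else {
        withdraw_vulnerable(&PROGRAM, record, authority, &mut v, &mut d, VAULT_BALANCE)
    };
    (r, v.lamports)
}

/// PoC 1: attacker passes a record created under their own program whose data
/// names the attacker as admin, and signs as themselves.
fn poc_forged_record(hardened: bool) -> (Result<(), Error>, u64) {
    let forged = Account { key: [6u8; 32], owner: ATTACKER_PROGRAM, is_signer: false, lamports: 1, data: ATTACKER.to_vec() };
    let attacker = Account { key: ATTACKER, owner: SYSTEM, is_signer: true, lamports: 0, data: vec![] };
    run(hardened, &forged, &attacker)
}

/// PoC 2: the genuine record, but the attacker merely lists the admin's pubkey
/// in the transaction as a non-signing account.
fn poc_unsigned_admin(hardened: bool) -> (Result<(), Error>, u64) {
    let record = Account { key: [8u8; 32], owner: PROGRAM, is_signer: false, lamports: 1, data: REAL_ADMIN.to_vec() };
    let admin_unsigned = Account { key: REAL_ADMIN, owner: SYSTEM, is_signer: false, lamports: 0, data: vec![] };
    run(hardened, &record, &admin_unsigned)
}

fn main() {
    for &hardened in &[false, true] {
        println!("hardened={}: forged record -> {:?}, unsigned admin -> {:?}",
                 hardened, poc_forged_record(hardened), poc_unsigned_admin(hardened));
    }
}
```

Against the vulnerable handler both PoCs return Ok and empty the vault; against the hardened one they stop at WrongOwner and MissingSigner respectively with the balance untouched, which is the condition the fix-verify step is looking for.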

CosmWasm contracts & IBC channels

Reply-handler reentrancy, packet-ordering assumptions, channel-takeover via misconfigured port binding, validator slashing edge cases on cross-chain payloads.
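The storage-corruption class (cw-storage-plus key collisions) from the bug list above, as an added example that is not code from this page, from SecureLayer7 or from the cw-storage-plus project: a toy key-value store in std-only Rust that builds the key for a two-part map (owner, spender) two ways, once by plain concatenation and once with the two-byte big-endian length prefix per namespace segment that cw-storage-plus writes, then shows which layout lets an attacker-chosen string overwrite another user's entry. Store, collision_poc and the names are hypothetical; the key components stand for any user-supplied strings (names, denoms, ids) a contract might key storage on.

```rust
// Added example, not from the page or from cw-storage-plus. Std-only model of
// storage key layout; `Store` and the names are hypothetical.
use std::collections::HashMap;

/// Two-byte big-endian length prefix before each namespace segment, raw key
/// last. This is the shape cw-storage-plus produces for nested namespaces.
fn length_prefixed(namespaces: &[&[u8]], key: &[u8]) -> Vec<u8> {
    let mut out = Vec::new();
    for ns in namespaces {
        assert!(ns.len() <= u16::MAX as usize, "namespace too long for a u16 prefix");
        out.extend_from_slice(&(ns.len() as u16).to_be_bytes());
        out.extend_from_slice(ns);
    }
    out.extend_from_slice(key);
    out
}

/// Naive layout: everything concatenated, segment boundaries lost.
fn naive(namespaces: &[&[u8]], key: &[u8]) -> Vec<u8> {
    let mut out = Vec::new();
    for ns in namespaces {
        out.extend_from_slice(ns);
    }
    out.extend_from_slice(key);
    out
}

struct Store {
    kv: HashMap<Vec<u8>, Vec<u8>>,
    prefixed: bool,
}

impl Store {
    /// Key for Map<(owner, spender)> under namespace "allow": the map
    /// namespace and the first tuple element are segments, the last is raw.
    fn key(&self, owner: &str, spender: &str) -> Vec<u8> {
        let ns: [&[u8]; 2] = [b"allow", owner.as_bytes()];
        if self.prefixed {
            length_prefixed(&ns, spender.as_bytes())
        } else {
            naive(&ns, spender.as_bytes())
        }
    }

    fn set_allowance(&mut self, owner: &str, spender: &str, amount: u128) {
        let k = self.key(owner, spender);
        self.kv.insert(k, amount.to_be_bytes().to_vec());
    }

    fn allowance(&self, owner: &str, spender: &str) -> u128 {
        match self.kv.get(&self.key(owner, spender)) {
            Some(v) if v.len() == 16 => {
                let mut b = [0u8; 16];
                b.copy_from_slice(v);
                u128::from_be_bytes(b)
            }
            _ => 0,
        }
    }
}

/// PoC: alice grants bob 100. An attacker who controls the strings writes an
/// entry for owner "al", spender "icebob". Returns alice -> bob afterwards.
fn collision_poc(prefixed: bool) -> u128 {
    let mut s = Store { kv: HashMap::new(), prefixed };
    s.set_allowance("alice", "bob", 100);
    s.set_allowance("al", "icebob", 1_000_000);
    s.allowance("alice", "bob")
}

fn main() {
    println!("naive layout:    alice->bob = {}", collision_poc(false));
    println!("prefixed layout: alice->bob = {}", collision_poc(true));
}
```

With plain concatenation both writes land on the bytes "allowalicebob" and the second silently replaces the first; with the length prefix the two keys differ at the prefix of the owner segment. The same ambiguity appears whenever a contract hand-rolls a key with format! or string joins instead of letting the storage library frame it.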

Move modules and resources

Resource duplication and silent drops, borrow-checker bypass through generic types, capability leaks across modules, Move Prover spec gaps that ship as exploits.

Cairo contracts on StarkNet

Hint manipulation when prover and verifier disagree, storage-var collision on upgrades, L1↔L2 message replay, syscall-trust assumptions that an attacker can break.

Cross-chain bridges & messaging

Validator-set update races, signature replay across chains, fee-token misaccounting, malicious source-chain payload, finality assumptions on optimistic withdrawals.
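Bridge nonce reuse from the bug list and signature replay across chains from this paragraph, as one added example that is not code from this page, from SecureLayer7 or from any bridge project: a std-only Rust model of a mint endpoint that neither binds the attestation to a destination nor records consumed nonces, beside the hardened version that does both. Validator signatures are modelled as a list of validator names over a hashed digest, not real signatures; Deposit, Attestation, Endpoint, the chain ids and the bridge addresses are hypothetical.

```rust
// Added example, not from the page or from any bridge project. Std-only model
// of a cross-chain mint endpoint; signatures are simulated, names hypothetical.
use std::collections::hash_map::DefaultHasher;
use std::collections::{HashMap, HashSet};
use std::hash::{Hash, Hasher};

#[derive(Clone, Debug)]
struct Deposit {
    source_chain: u32,
    dest_chain: u32,
    dest_bridge: &'static str, // bridge contract the mint is meant for
    nonce: u64,                // per-source-chain deposit counter
    recipient: &'static str,
    amount: u64,
}

fn hash_of<T: Hash>(t: &T) -> u64 {
    let mut h = DefaultHasher::new();
    t.hash(&mut h);
    h.finish()
}

/// Vulnerable digest: validators attest to nothing about where the mint may happen.
fn digest_vulnerable(d: &Deposit) -> u64 {
    hash_of(&(d.source_chain, d.nonce, d.recipient, d.amount))
}

/// Hardened digest: destination chain and bridge address are part of the
/// signed message, so the attestation is only meaningful at one endpoint.
fn digest_hardened(d: &Deposit) -> u64 {
    hash_of(&(d.source_chain, d.dest_chain, d.dest_bridge, d.nonce, d.recipient, d.amount))
}

/// Model of a validator multisig: who attested to which digest.
struct Attestation {
    digest: u64,
    signers: Vec<&'static str>,
}

struct Endpoint {
    chain_id: u32,
    address: &'static str,
    validators: HashSet<&'static str>,
    threshold: usize,
    consumed: HashSet<(u32, u64)>, // (source_chain, nonce) already minted
    minted: HashMap<&'static str, u64>,
    hardened: bool,
}

impl Endpoint {
    fn new(chain_id: u32, address: &'static str, hardened: bool) -> Self {
        Endpoint {
            chain_id,
            address,
            validators: ["v1", "v2", "v3"].iter().copied().collect(),
            threshold: 2,
            consumed: HashSet::new(),
            minted: HashMap::new(),
            hardened,
        }
    }

    fn mint(&mut self, d: &Deposit, att: &Attestation) -> Result<(), &'static str> {
        let expected = if self.hardened { digest_hardened(d) } else { digest_vulnerable(d) };
        if att.digest != expected {
            return Err("attestation does not cover this message");
        }
        let quorum = att.signers.iter().filter(|s| self.validators.contains(*s)).count();
        if quorum < self.threshold {
            return Err("validator quorum not met");
        }
        if self.hardened {
            if d.dest_chain != self.chain_id || d.dest_bridge != self.address {
                return Err("message addressed to another endpoint");
            }
            if !self.consumed.insert((d.source_chain, d.nonce)) {
                return Err("nonce already consumed");
            }
        }
        *self.minted.entry(d.recipient).or_insert(0) += d.amount;
        Ok(())
    }

    fn minted_to(&self, who: &str) -> u64 {
        *self.minted.get(who).unwrap_or(&0)
    }
}

/// One real deposit (chain 1 -> chain 2, 100 units) followed by three replays:
/// the same message again on chain 2, the untouched message on chain 3, and
/// the message retargeted to chain 3. Returns (minted on chain 2, on chain 3).
fn replay_poc(hardened: bool) -> (u64, u64) {
    let deposit = Deposit { source_chain: 1, dest_chain: 2, dest_bridge: "bridge-b", nonce: 7, recipient: "attacker", amount: 100 };
    let digest = if hardened { digest_hardened(&deposit) } else { digest_vulnerable(&deposit) };
    let att = Attestation { digest, signers: vec!["v1", "v2"] };

    let mut chain_b = Endpoint::new(2, "bridge-b", hardened);
    let mut chain_c = Endpoint::new(3, "bridge-c", hardened);

    let _ = chain_b.mint(&deposit, &att); // legitimate mint
    let _ = chain_b.mint(&deposit, &att); // nonce reuse on the same chain
    let _ = chain_c.mint(&deposit, &att); // cross-chain replay, message unchanged
    let retargeted = Deposit { dest_chain: 3, dest_bridge: "bridge-c", ..deposit.clone() };
    let _ = chain_c.mint(&retargeted, &att); // cross-chain replay, message retargeted

    (chain_b.minted_to("attacker"), chain_c.minted_to("attacker"))
}

fn main() {
    println!("vulnerable endpoint mints (chain 2, chain 3) = {:?}", replay_poc(false));
    println!("hardened endpoint mints   (chain 2, chain 3) = {:?}", replay_poc(true));
}
```

The vulnerable endpoint mints 200 on chain 2 and 200 on chain 3 from a single 100-unit deposit; the hardened one mints 100 once and rejects the other three submissions with a different error each, which is the behaviour a forked-chain PoC should be re-run against after the fix.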

Soroban contracts on Stellar

Authorization-frame skipping, env-context spoofing on host functions, storage-footprint griefing, contract-instance vs persistent storage confusion.

7

Chain runtimes audited

Solana (Anchor or SPL), Cosmos (CosmWasm or IBC), Sui and Aptos (Move), Cairo on StarkNet, Soroban on Stellar, plus EVM. One researcher lead per engagement, all chains.

See surfaces →
9+

Chain CVEs published

Public CVE records from SL7 research. Open the advisory, read the write-up. Verifiable artifacts, not customer aggregates.

Read disclosures →
240+

Manual review-hours

Per engagement, per auditor pair. Itemised in the sample report on request. Tooling-augmented, never tooling-only.

Request the sample →

Rule of the rig

A finding without a working proof-of-exploit transaction is a guess. Every severity in our multi-chain audit ships with a forked-chain PoC (Solana, Cosmos, Move, or EVM) that your dev team replays locally. Fix-verify means the PoC reverts against the patched contract, not that the diff reads clean.
Lead smart-contract auditor, SecureLayer7. Verified Gartner review.

Meet your engagement architect

One named lead from scope to close.

John Dill

vCISO at SecureLayer7

200+

engagements scoped

11

chains in coverage

14 yr

SL7 offensive lineage

Multi-chain audits start with scope, not code. John maps your contracts, invariants, and chain assumptions (Anchor accounts, IBC packets, Move resources) into a written engagement plan, then brings in the auditor pod that signs the report.

Read the redactable sample report.
John Dill, vCISO at SecureLayer7

Pick a 30-minute slot. We will scope your engagement on the call.

Book a 30-min call

AI in our engagements

Where AI runs. Where a human signs.

AI accelerates recon, account-graph mapping across Solana programs and CosmWasm modules, and report drafting. CREST-accredited researchers chain the exploit on each chain's own runtime and sign every finding. We publish the handoff per phase so your auditor can read it.

How AI fits in multi-chain audits →

Common procurement questions

What buyers ask about multi-chain audits.

Six questions procurement and protocol leads send before signing a multi-chain audit SOW. Answered against our methodology and your auditor.


Have a procurement question not listed here?

Deep dive on EVM

Need a pure-EVM audit?

Solidity, Vyper, Yul, ERC-4337 paymasters, EIP-7702 delegation, ERC-4626 vaults, L2 bridges on Arbitrum, Optimism, Base, covered in a dedicated audit page. Same auditors, same forked-mainnet proof-of-exploit deliverable.

Ethereum smart contract audit →

Tested by industry.

The bug classes named below come from real engagements in each sector. Pick the closest fit.

FinTech

DeFi, custody, tokenization, settlement, on-chain payment-rail logic.

Tech SaaS

Web3 SaaS contracts, governance, upgrade safety, oracle integrations.

Sample report cover: AUDIT REPORT with Solana/Cosmos/Move chain chips, a CONFIDENTIAL classification chip, and three redacted finding rows with severity bars; the top row carries the severity dot and on-chain hash 0x…74e3.

Sample audit report

Read a Solana or Cosmos sample report.

A redactable PDF: Solana account-confusion finding or CosmWasm reply-handler exploit. Shows the CREST-mapped severity rubric, the on-chain PoC, and diff-style remediation. Sent on request after a short scoping call.