Web3 Security

Independent smart contract auditing and risk intelligence

We find the vulnerabilities before attackers do. Rigorous manual code review, economic attack modeling, and on-chain risk assessments for protocols across the EVM ecosystem.

Services

What we do

From line-by-line manual code review to protocol-level risk intelligence — every layer of your security surface, covered.

Audit

Smart Contract Audits

In-depth manual review of your Solidity codebase. Every function traced, every attack vector mapped, every edge case tested.

  • Line-by-line manual code review
  • Automated analysis (Slither, Mythril, Echidna)
  • Custom Foundry fuzz test suites
  • Severity-classified report
  • Remediation verification included
Research

On-Chain Risk Intelligence

Protocol-level risk assessments for projects, DAOs, and funds evaluating integrations. Research-grade reports delivered fast.

  • Admin key & privilege analysis
  • Oracle dependency mapping
  • Governance attack feasibility
  • Liquidity concentration review
  • Historical incident analysis
Retainer

Continuous Security

Ongoing security retainer for protocols that ship frequently. We review every update before it reaches mainnet.

  • Priority audit scheduling
  • Pre-deployment review pipeline
  • Dedicated security researcher
  • Emergency incident response
  • Monthly security briefings

$3.35 billion stolen from Web3 protocols in 2025

Every line of unaudited code is a liability. Independent security review isn't optional — it's infrastructure.

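// Reentrancy vulnerability detected
function withdraw(uint256 amount) external {
  require(balances[msg.sender] >= amount);
  // ⚠ State update after external call: the recipient can re-enter
  // withdraw() while its balance is still unchanged
  (bool ok, ) = msg.sender.call{value: amount}("");
  balances[msg.sender] -= amount;
}

// ✓ Fix: Checks-Effects-Interactions
function withdraw(uint256 amount) external {
  require(balances[msg.sender] >= amount);           // Checks
  balances[msg.sender] -= amount;                    // Effects: update state first
  (bool ok, ) = msg.sender.call{value: amount}("");  // Interactions: external call last
  require(ok, "transfer failed");                    // revert (restoring the balance) if the send fails
}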

Methodology

Manual review, not automated guesswork

Every audit starts with automated tooling to catch known patterns. But the real value is a senior researcher reading every line, tracing every execution path, and thinking like an attacker.

  • EVM-native expertise. Deep knowledge of memory layout, storage slots, gas mechanics, and opcode-level behavior.
  • Custom fuzz testing. Protocol-specific Foundry tests and Echidna invariant checks tailored to your logic.
  • Economic attack modeling. Flash loan vectors, oracle manipulation, sandwich attacks, governance exploits.

Risk Intelligence

Know the risks before you integrate

For projects, DAOs, and funds evaluating protocol integrations — we produce research-grade risk assessments covering the full attack surface.

  • Admin key risks. Who can upgrade, pause, or drain the contract? We map every privileged function.
  • Dependency mapping. Oracle feeds, external protocol calls, upgrade proxies — every trust assumption documented.
  • Delivered fast. Risk reports in 3–5 business days. Starting at $1,000 per assessment.

Expertise

Security across the stack

DeFi

DeFi Protocol Audits

Lending, staking, vaults

Infra

Infrastructure Security

Bridges, oracles, relayers

Tokens

Token & NFT Contracts

ERC-20, ERC-721, ERC-1155

Gov

Governance Systems

DAOs, multisigs, timelocks

Upgrades

Upgrade Patterns

Proxies, diamonds, UUPS

Process

From code to confidence

1

Scoping

Submit your repo. We assess complexity, count nSLOC, and deliver a fixed-price quote within 24 hours.

2

Automated Analysis

Slither, Mythril, Echidna, and Foundry fuzz suites catch known vulnerability patterns.

3

Manual Review

A senior researcher traces every function, maps the state machine, and tests attack vectors.

4

Report

Every finding classified by severity with clear explanations and recommended fixes.

5

Remediation

After you implement fixes, we re-review every change to confirm correctness.

Built for the ecosystem we protect

We accept ETH, USDC, and DAI. Crypto-native from day one.

The Landscape

Why security can't wait

Web3 exploits are accelerating. Every project deploying code needs an independent review.

Ecosystems

Multi-chain expertise

Security research across the EVM ecosystem and beyond.

Ethereum, Arbitrum, Optimism, Base, Polygon, BNB Chain, Avalanche, zkSync, Scroll, Linea

Pricing

Transparent, fixed-price engagements

No hourly billing. No scope creep. Every audit is quoted upfront based on nSLOC, complexity, and external dependencies.

Starter

Token & NFT Audits

$3,000 – $5,000 · 2–3 days

  • ERC-20, ERC-721, ERC-1155 contracts
  • Up to 500 nSLOC
  • Full automated + manual review
  • Severity-classified report
  • One remediation pass included
  • Crypto payment accepted
Most Popular
Core

DeFi Mechanism Audits

$5,000 – $15,000 · 4–10 days

  • Staking, vaults, vesting, lending
  • 500–2,000 nSLOC
  • Deep manual + economic analysis
  • Custom Foundry fuzz test suite
  • Comprehensive professional report
  • Two remediation passes included
Protocol

Multi-Contract Audits

$10,000 – $20,000 · 2–3 weeks

  • Multi-contract protocol systems
  • 1,500–2,500+ nSLOC
  • Cross-contract interaction analysis
  • Oracle & dependency review
  • Upgrade pattern assessment
  • Executive summary for stakeholders

On-chain risk intelligence reports start at $1,000–$3,000 per assessment.

About

Built by researchers, not salespeople

Arx is Latin for fortress — the fortified citadel at the highest point of an ancient city, the last line of defense. We chose the name because it captures exactly what we do: we build the stronghold around your protocol's code so that when attackers probe for weakness, they find none.

Arx Inc. is a Virginia-incorporated Web3 security firm providing independent smart contract audits and on-chain risk intelligence to protocols, DAOs, and funds across the EVM ecosystem.

We were founded on a simple principle: every project that handles crypto value deserves an independent security review — not just the ones that can afford six-figure engagements.

Our researchers maintain active profiles on Code4rena and Sherlock, contribute to open-source security tooling, and publish technical research on vulnerability patterns and exploit post-mortems. Every finding in our portfolio is real. Every report is public.

Transparency

All audit reports are published. Our track record is public and verifiable on competitive platforms.

Depth Over Speed

We don't rush audits. Every engagement gets the time and attention required for thorough coverage.

Fixed Pricing

Upfront quotes based on scope. No hourly rates, no surprise invoices, no scope creep.

Crypto-Native

We accept payment in ETH, USDC, and DAI. Built for the ecosystem we protect.

Ready to secure your protocol?

Submit your project details and we'll scope your audit within 24 hours. Fixed pricing, no commitment required.

Or reach us at [email protected]