Kairos Lab · Audit Services
What we audit
Manual-first security review, augmented by a 44-module automated scanner. OWASP Top 10, ASVS L2, PTES, and custom Web3 threat models. Black-box, grey-box, or white-box — your call.
Service catalogue
Smart Contract Security Review
Line-by-line Solidity/Vyper review. Reentrancy, integer overflow, access control, oracle manipulation, flash loan attack surfaces, upgradeable proxy patterns. Formal verification for critical invariants via Halmos.
Web App & API Penetration Test
OWASP Top 10 + ASVS L2 coverage. Authentication bypass, IDOR, CORS misconfigurations, JWT weaknesses, SSRF, XSS, header analysis, JS bundle forensics. 44-module Kairos Scanner + manual exploitation.
DeFi Protocol Audit
AMM logic, liquidation mechanics, price oracle dependencies, MEV exposure, governance attack vectors, token economic invariants. Fork simulation on mainnet state via Foundry + Anvil.
Authentication & Identity Review
OAuth 2.0/OIDC flows, JWT algorithm confusion, PKCE implementation, session fixation, cookie security, wallet-based auth (EIP-4361 Sign-In with Ethereum), key derivation schemes.
Cloud & Infrastructure Review
Vercel/Railway/Cloudflare configuration audit. Security header enforcement, CORS policy review, rate limiting gaps, secrets management, CI/CD pipeline exposure. Docker hardening.
Threat Modeling & Security Design
Pre-launch architecture review. STRIDE threat modeling, attack surface mapping, 7-invariant security checklist, defensive layer recommendations (KIP, NEMESIS, MANTIS). Written before you ship.
Toolchain
Slither: Static analysis — Solidity
Aderyn: Rust-based Solidity analyzer
Foundry + Halmos: Fuzz testing + formal verification
Mythril: Symbolic execution — EVM
Semgrep: Pattern-matching SAST
Nuclei: Template-based web scanner
mitmproxy: HTTP/HTTPS traffic interception
ffuf: Directory & endpoint fuzzing
SQLMap: SQL injection detection
Kairos Scanner v1: 44-module proprietary scanner
MANTIS: Behavioral fingerprinting & LLM detection
KIP: Honeypot + rate-limit defensive layer
7 Security invariants we check against
01 Non-extractable keys — private key material never leaves the client
02 Zero server material — server holds no plaintext secrets that could decrypt user data
03 Email privacy — hashed before any on-chain reference
04 2FA minimum — no single-factor authentication path in production
05 Merkle anchoring — verifiable proof of state at any point in time
06 Crypto agility — algorithm hot-swap without user migration
07 Emergency halt — circuit breaker triggerable in under 1 block
Ready to get audited?
Typical engagement: 2–5 days. Report delivered within 24h of close. All findings reproducible with PoC.