BlockApex is a web3 security company that bringing the ecosystem, high quality blockchain security and cybersecurity services alongside expertise in tokenomics and finance with a unified bearing towards the apex of security. BlockApex aims to fortify systems built in web3 by providing scalable solutions in order to protect against exploits and loss of assets. Our on-chain expertise includes blockchain quality assurance, smart contract auditing and tokenomics/financial model optimization. The off-chain elements include DApp Penetration Testing, Cloud Security & Monitoring and Advanced Adversary Simulations.
Smart contract audit process
The primary goal of the first phase is to build up clarity with respect to the intended workings of the codebase. Initially, this is attained through rigorous internal discussions on the whitepaper/ architecture document provided. This helps build an initial understanding of the system which leads to the building of test-case scenarios. After this phase, the auditors end up with the preliminary semantics of the system.
Regardless of the language used, we make sure that your code is in accordance with the latest standards of code correctness. Starting off, our manual code review is vulnerability specific; this includes all publicly reported issues as well as our own registry of errors. After that, an automated review is carried out using multiple tools and any flags raised are retested. After static analysis, we move towards the extensive execution of the test cases in search of any vulnerabilities.
FORMAL VERIFICATION (optional)
In order to provide an extra layer of fortification, we use certain techniques to formally verify all functionalities of the code. Being an extensive process, formal verification is available upon request. This includes symbolic execution using Scribble/ k-language and fuzzing using Echidna.
A detailed initial audit report is shared and the findings are communicated to the stakeholders in an inclusive manner. After the fixes have been made, a final review is carried out which results in another report being issued that certifies that the smart contract is free from potential threats and blockchain risks. However, we do not claim that the contracts are resistant to any kind of zero-day attack vectors and penetration techniques.
"I worked with the BlockApex team to secure the KALI core contracts and was very happy with their thoughtfulness and attention to detail. They met all of our deadlines and were quick to respond to all of our questions."
"The service provided by BlockApex has met our expectations. The team is very responsive and professional, and all business matters were arranged in a timely manner. The audit process had all the required steps. BlockApex team has listed down all the existing vulnerabilities and categorized them according to severity. The development team was involved and heard, which made the process very straightforward."