ScanSandbox - Focus on blockchain security

Blockchain Safety Audit

In the entire block chain industry, security has always been the focus of attention, it's nice to see more and more people attaches great importance to the security of smart contracts

Easy Integration

For a long time, security policies on blockchain have been very fragmented and there is an urgent need for integrated security, and this business is our focus

Superior Support

Founded in 2021 by leading academics in the field of Computer Science from Columbia University, ScanSandBox is a leading blockchain security company that serves to verify the security and correctness of smart contracts and blockchain-based protocols.

WHY US?

We have expertise across the whole stack: from languages and compilers to smart contract systems, protocols, and applications. Our audit portfolio spans distributed payment networks, financial structures, and governance systems.

Need more servers? We also offer contract monitoring services that provide 24 hour secure traffic detection.

Our Customer

Privacy Policy

We privately send the report to your team so they can address the issues we found. Publishing the report after your team fixes the issues is optional but strongly recommended as a way to contribute to the ecosystem’s security. We can work with you on a disclosure strategy.

Audit Report

The report outlines potential problems in the code with actionable recommendations to guard against potential attack vectors, together with a general analysis of the system dynamics, reflecting both state-of-the-art security patterns and opportunities for improvement regarding the project's overall quality and maturity.

Offensive and Defensive

Accept customer's entrustment, carry out system attack and defense test, provide complete security test report, help customer provide system security.

SERVICES

We privately send the report to your team so they can address the issues we found. Publishing the report after your team fixes the issues is optional but strongly recommended as a way to contribute to the ecosystem's security. We can work with you on a disclosure strategy.

Contracts Architecture

Solidity is an object-oriented, high-level language for implementing smart contracts. Smart contracts are programs which govern the behaviour of accounts within the Ethereum state.

Solidity is a curly-bracket language. It is influenced by C++, Python and JavaScript, and is designed to target the Ethereum Virtual Machine (EVM). You can find more details about which languages Solidity has been inspired by in the language influences section.

Details

Trend Setting

While it is usually quite easy to build software that works as expected, it is much harder to check that nobody can use it in a way that was not anticipated.

Keep an eye on the latest DEFI GameIF, use the latest standards to complete the security assessment and escort the project

Details

Code Style Philosophy

A style guide is about consistency. Consistency with this style guide is important. Consistency within a project is more important. Consistency within one module or function is most important.

But most importantly: know when to be inconsistent – sometimes the style guide just doesn’t apply. When in doubt, use your best judgment. Look at other examples and decide what looks best. And don’t hesitate to ask!

Details

PUBLIC PROJECT

OUR MOST POPULAR AUDIT REPORTS

Company Formation

We have a team of blockchain security experts with many years of experience

Stuff Management

The Solidity programming language is an open-source, community project governed by a core team. The core team is sponsored by the Ethereum Foundation.

Code Optimization

the optimizer tries to simplify complicated expressions, which reduces both code size and execution cost, i.e., it can reduce gas needed for contract deployment as well as for external calls made to the contract.

Information Security

if your smart contract code is bug-free, the compiler or the platform itself might have a bug. A list of some publicly known security-relevant bugs of the compiler can be found in the list of known bugs, which is also machine-readable.

Timeliness

Timeliness of code is important for security, and we always recommend using the latest compiler and a more mature repository.

Security Monitoring

Pre-operation checks are not foolproof, and the introduction of a safety monitoring system can take action as soon as possible after a system failure. Contract Sentry will take this part of the job.