blur

Smart Contract Audit Company

Get to know Composable Security.

blur
blur
blur
Purple background

Our story

2017
2017

Beginnings of SCSVS

Each of us has been dealing with traditional IT security for over 6 years, cooperating with the largest banks in Poland, fintech, and modern technologies from around the world. Damian, shortly after his first cooperation with a cryptocurrency exchange, became immersed in smart contracts and blockchain technology. As an experienced software engineer, he quickly learned Solidity and noticed that there were no standard thanks to which developers could avoid the common security vulnerabilities that appeared at that time. At the end of the year, he shared the idea of ​​creating SCSVS with Paul and work slowly started as a side project.

Hyperledger and custom blockchain implementations

In the beginning, most of the projects we handled were custom either blockchain implementations or centralized exchanges. The crypto exchanges needed to secure their web and mobile applications, taking into account completely new threats resulting from the nature of blockchain. As we were exploring these threats, we learned more and more about Solidity and blockchain technology itself. We stored knowledge in the form of new checks for SCSVS and published several blog posts about how to secure a crypto exchange and some of the custom blockchain implementation security risks.

Hyperledger and custom blockchain implementations
2019
2019

SCSVS v1

After over a year of working on the Smart Contract Security Verification Standard, as a side project, we released the first version. That was the first security standard for smart contracts written in Solidity that could be used by both developers and smart contract auditors. We based it on the well-known OWASP ASVS, which we have often used at work. To this day, it is one of the most comprehensive smart contract audit checklists.

We shared knowledge at conferences

From the very beginning, we have made sure to share knowledge and what we have researched ourselves. We have been speakers at conferences such as ETHcc, AppSec Global, ETHWarsaw, Web3 Security Conference, and more. This is an integral part of the work of a smart contract auditor. We were among the first to discuss the importance of threat modeling and shifting left. We observed the best security practices in web2 and what brought results for customers. We want to do the same for web3 projects.

We shared knowledge at conferences
2022
2022

Composable Security creation

Even though the company was founded in August 2022, as you can see we have contributed to the space since 2017. By then, we had already managed to cooperate with many fantastic projects like FujiDAO, Enjin, Tellor, DefiEdge and saved millions of dollars through non-public actions with one of the big exchanges. This is an important date for us because Pawel and Damian have decided to completely devote themselves to smart contract security at this point. This is a completely new challenge that we want to meet while remaining true to our values.

Difficult beginnings

Starting a business turned out to be even more time-consuming than we thought. Wanting to provide very high quality to the customer, actively working on brand recognition, and trying to continue to contribute was a challenge. We currently spend much more time on threat modeling and attack vector detection as it has proven to be very valuable to the projects we work with. Then, we additionally started consulting these attack vectors with teams to search for smart contract security vulnerabilities even more effectively.

Difficult beginnings
2023
2023

First year on our own terms

This year was great. We have helped many projects increase security. However, what makes us most happy is that the customers we have served come back to us. From the very beginning, we have tried to treat the people we work with as team members. Together, we tried to make their project safe so that nothing could stand in their way to success. The fact that they trust us brings great responsibility, but also satisfaction. This assures us that what we do brings value.

War Room Games 1st place

During EthCC, Damian and other Team16 members (@cairoeth, @dgrabec, @danielvf) won first place at War Room Games organized by Tenderly, Yearn, and yAudit. Networking during crypto conferences is great, but hacking together is another level of friendship. A memorable tweet from this event can be found here.

War Room Games 1st place
Security Guide publication

Security Guide publication

Our next big side project apart from SCSVS was the Security Guide. We have noticed that many teams focus only on the security of smart contract audits, which is not always the best solution. We decided that it was worth creating material that projects could use to make decisions being aware of available options. This resulted in the creation of an over 100-page e-book, which you can download for free here.

Research supported by Uniswap Foundation grant.

We are contributing to security research exploring the “malicious design space” of UniswapV4 hooks. The aim of the research is to raise awareness about potential security threats and provide resources that will help understand the threat landscape and analyze the security of the UniswapV4 hooks. Thanks to this, we have created a lot of valuable publications that you can read on our blog and a completely new SCSVS C9 category: Uniswap V4 Hook.

Research supported by Uniswap Foundation grant.

Security should be adapted to each stage of development, security should be composable to best suit visionary needs.

That's not the end. We will continue to work hard, so you sleep well.

Company values

Purpose of existence

Blockchain will have a significant impact on what the future will look like, we do our best to make it as good as possible.

Self-development

Self-development

Blockchain will have a significant impact on what the future will look like, we do our best to make it as good as possible.

  • We update our knowledge
  • We share knowledge with the team
  • We strive to increase efficiency
  • We find new and better solutions for our customers
Responsibility

Responsibility

Blockchain will have a significant impact on what the future will look like, we do our best to make it as good as possible.

  • We keep our word
  • We are honest
  • We test the best we can
  • We take care of each other and our clients
Cooperation

Cooperation

Blockchain will have a significant impact on what the future will look like, we do our best to make it as good as possible.

  • We help when someone needs help
  • We educate clients and take care of their projects
  • We can count on every person on the team
  • We consult to get the best effect for the client

Team

Damian Rusinek

Damian Rusinek

Managing Partner & Smart Contract Security Auditor

Paweł Kuryłowicz

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

They've trusted us

Gasbot
MilkyIce
Sharbi DAO
Tellor
Enjin
Volmex Finance
Arcade2Earn
INTU
Coconut Chicken DAO
codefunded
DIVA protocol
Evojam
Fuji DAO
Gasbot
MilkyIce
Sharbi DAO
Tellor
Enjin
Volmex Finance
A man with laptop

Get a free offer

Our security specialist will get to know your protocol and prepare a service personalized to your needs.

Let's talk

Join the newsletter now

Your e-mail address

blur
Purple Shadow

© 2024 Composable Security

blur