Off-Chain Components
We go beyond smart contracts to secure your protocol
They have trusted us
Hear from people we worked with
CTO Dean Rubin, Othentic Labs
Dean Rubin, CTO of Othentic Labs, partnered with Composable Security to conduct a thorough security review of the Rewards V2 smart contract module. The project aimed to verify the robustness of a new rewards distribution mechanism integrated with EigenLayer and ensure secure cross-chain operations across multiple Layer 2 networks.
CEO Amadeo Brands, YieldNest
Amadeo Brands, CEO of YieldNest, partnered with us to evaluate the security of their Max Vault integration with the Kernel protocol on BNB Chain. The goal was to ensure safe yield generation and optimize protocol robustness before launch.
Chief Architect Nick Velloff, Braintrust
Nick Velloff came to us for a security review of Braintrust, a decentralized talent network. The primary objective was to ensure the secure expansion of the Braintrust platform onto the Base network, validate integrations with third-party services such as Coinbase Onramp, and secure the wallet infrastructure used by its users.
Expert Off-Chain Components services provided by the best auditors
How to Audit Off-Chain Components?
Auditing off-chain components starts with understanding what you run and what it connects to, from custom blockchain implementations and bridges to L2 services, oracle pipelines, and Web2 integrations. We then define a clear audit goal and scope, and build a threat model that reflects real attacker paths.
From there, our experts review architecture, configurations, infrastructure, and operational processes, and validate the highest-risk flows through targeted testing and research. The result is a prioritized set of findings and hardening recommendations that strengthen reliability and security, and keep your off-chain stack adaptable as your system evolves.
What’s in a Off-Chain Components Audit Report?
Audit reports are sources of information and detailed records of every identified vulnerability, categorized by severity from Critical to Informational. Each issue comes with recommended solutions from smart contract security experts.
When a vulnerability is fixed before launch, it is marked as resolved. If a problem remains unaddressed, we include an explanation of its potential impact and the project team’s reasoning.
An audit report shows that a project values security and protects its users’ funds. By auditing, Web3 projects secure their code and avoid costly mistakes.
Trust us, others have already done it
We understand that blockchain builders demand security that’s transparent, proactive, and reliable.
>
$
38
B (USD)
in TVL held by audited protocols
95
% clients
wants to have their next audit with us
>
60
% audits
reported and fixed Critical/High issues
50
% clients
already had more then one audit with us
| | |
| | |
 | | |
| |  |
Tailored security solutions to meet the unique needs of your blockchain projects
Our services.
Smart contract audits
Secure your project
Verify personalized threats
Get extensively tested
Undergo manual review
Get detailed report
Threat modeling
Take part in a workshops
Introduce security by design
Expand the team’s knowledge
Improve security awareness
Get detailed report
Security consultations
Take advantage of expert advice
Gain confidence
Delegate work to professionals
Use a second opinion
Get detailed report
Liquid Staking
We audit liquid staking protocols end-to-end. LST contracts, withdrawal flows, oracle/accounting logic, and validator operations - so staking is safe, resilient, and integrates cleanly across DeFi.
(Re)Staking
We provide in-depth audits for restaking protocols, focusing on security, reliability, and correct integrations with protocols like EigenLayer or Symbiotic.
EVM
We specialize in Solidity and perform comprehensive audits across EVM-based smart contracts. Tokens, DeFi, Cross-chain, Liquid Staking, GameFI and many more. We identify vulnerabilities, verify logic correctness, and ensure alignment with best practices across various chains and frameworks.
medium
Node Operator can exit and slash their validator to move withdrawal finalization border epoch
Learn more
high
Enabling stETH deposits causes miscalculations and permanent losses for users as rebase tokens are not supported
Learn more
Stay ahead of the curve with insights, updates, and expert tips from our team.
Frequently asked questions
Can’t find an answer? Contact us or follow us on Twitter.
Paweł Kuryłowicz
Managing Partner & Smart Contract Security Auditor
Damian Rusinek
Managing Partner & Smart Contract Security Auditor
What is Composable Security? +
We are a small, elite team of smart contract auditors specializing in (re)staking, AVS, and hooks. We tailor our solutions to each client’s unique needs. We reject one-size-fits-all strategies in favor of a personalized, continually evolving service that delivers the highest level of security.
What is smart contract audit? +
A smart contract audit is a comprehensive examination of the code underlying a blockchain-based smart contract. This process involves expert auditors looking for security vulnerabilities, design issues, and efficiency problems. The goal is to ensure the smart contract operates as intended, without any flaws that could lead to security breaches, rug pulls, or hacks.
Smart contract audit is crucial in the blockchain ecosystem to maintain trust and reliability in projects building decentralized applications.
How long do audits take? +
It depends on the complexity of the smart contract. However, on average it takes approximately two weeks.
To learn about how we perform smart contract audits head to this artice.
How much does a security review cost? +
Smart contract audits done by professionals typically cost ~$10000-$30000 for an average project. The price of the audit depends on many factors, but the following have a key impact on the price:
- number of lines of solidity code (nSLOC),
- the complexity of the code,
- documentation quality and code clarity,
- whether the auditors know your protocol and the components you use,
- whether you are using standard implementations or implementing something from scratch,
- the deadline for the audit.
Smart contract audit cost can be slightly minimized if before the audit you use a checklist prepared by us.
What kind of post-audit support do you provide? +
After introducing the changes to the smart contract, we perform a one-time verification to make sure that the recommendations have been introduced in the right way and that the found vulnerabilities do not exist anymore. Afterward, we are always open to assisting our clients in answering all of their questions and helping in solving issues related to security.
To learn about how we perform smart audits head to this article.
Why do smart contracts need to be audited? +
Smart contracts need to be audited to ensure their security and effectiveness. As they are self-executing contracts with the terms directly written into code, any flaws can lead to significant financial losses.
Smart contract audits help identify vulnerabilities before deployment, safeguarding against potential hacks and ensuring the contract functions as intended.