Technology Security, Pillar 03

DeFi Protocol & Cross-Chain Bridge Audits.

DeFi protocols and cross-chain bridges concentrate value at a scale that makes them the highest-priority targets in Web3. The Ronin bridge lost $625 million. Wormhole lost $320 million. Poly Network lost $611 million. These were not anomalies; they are the predictable outcome of insufficient security assessment before deployment.

The Service

Cyber Security Assessment for DeFi Protocols & Cross-Chain Infrastructure

DeFi protocol security assessment is the most technically demanding category of cyber security assessment in Web3. The attack surface spans on-chain logic, economic design, oracle integrations, governance mechanisms, and, for bridging protocols, the cross-chain message relay and verification layer that connects them. A vulnerability at any of these levels can result in total loss of protocol funds.

We conduct security reviews that cover the full DeFi attack surface: not only the smart contract code, but also the economic attack vectors, flash loan compositions, oracle manipulation sequences, and liquidity-dependent exploits that code review alone does not surface. For cross-chain bridges, we specifically assess the message verification logic, validator set security, and the lock-and-mint or burn-and-mint accounting that determines whether the bridge's asset peg holds under adversarial conditions.

What Our Assessments Cover

Work is delivered through our internal consultancy team and a curated network of specialist partner firms, rigorously vetted for technical depth and professional integrity in the Web3 space.

  • DeFi protocol logic review: AMM invariants, lending liquidation mechanics, yield strategy correctness, and fee accounting
  • Oracle security: price feed manipulation resistance, TWAP oracle robustness, Chainlink integration correctness, and spot-price attack surfaces
  • Flash loan attack modelling: single-transaction attack compositions that combine flash loans with protocol logic to extract value
  • Cross-chain bridge message verification: relay authenticity, validator set integrity, signature threshold enforcement, and replay protection
  • Lock-and-mint accounting: asset peg integrity, double-spend vectors, and supply invariant verification across source and destination chains
  • Governance attack analysis: proposal execution paths, timelock effectiveness, and vote manipulation via flash-borrowed governance tokens
  • Economic invariant testing: fuzz and scenario testing of protocol state under adversarial liquidity conditions and edge-case inputs
  • MEV and sandwich attack exposure: front-running risk, transaction ordering dependence, and commit-reveal mitigation assessment

$117M. No Contract Bug. Just Oracle Design.

“The Mango Markets exploit in October 2022 involved no smart contract vulnerability in the traditional sense. Avraham Eisenberg and an accomplice used coordinated buying across exchanges to pump the MNGO token price 10x. Mango’s oracle used a spot price feed. Against the inflated collateral valuation, Eisenberg borrowed $117M in protocol treasury assets, USDC, USDT, SOL, BTC, and withdrew them. No single contract was buggy. The vulnerability was the interaction between the oracle design, the collateral model, and the liquidity of the underlying market under adversarial economic conditions.”
Security4Web3 DeFi Security Review
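An added worked example, not part of the review quoted above and not Security4Web3's tooling, contrasting collateral valued on a spot quote against a time-weighted average price with a deviation guard. The $0.04 to $0.40 pump, the 6-decimal price convention, the 12-observation window and the 80% loan-to-value are constructed for illustration, not Mango's parameters.

```python
from collections import deque

PRICE_SCALE = 10**6   # prices carried as USD with 6 decimals (constructed convention)
BPS = 10_000          # basis points denominator for LTV and deviation limits


class TwapOracle:
    """Time-weighted average over the most recent `window` (price, seconds) observations.
    Constructed for illustration; not any production oracle implementation."""

    def __init__(self, window: int):
        self.obs: deque[tuple[int, int]] = deque(maxlen=window)

    def record(self, price: int, seconds: int) -> None:
        self.obs.append((price, seconds))

    def price(self) -> int:
        total_seconds = sum(s for _, s in self.obs)
        return sum(p * s for p, s in self.obs) // total_seconds


def max_borrow(collateral_units: int, price: int, ltv_bps: int) -> int:
    """Borrow limit as a collateral model computes it: collateral value times loan-to-value."""
    return collateral_units * price * ltv_bps // BPS


def guarded_price(spot: int, reference: int, max_deviation_bps: int) -> int:
    """Refuse to value collateral on a spot quote that sits outside a band around the TWAP.
    A lending protocol that only had this check would have rejected the pumped quote."""
    if abs(spot - reference) * BPS // reference > max_deviation_bps:
        raise ValueError("spot price outside the permitted deviation from TWAP")
    return spot


def pump_scenario() -> tuple[int, int, int]:
    """Eleven calm five-minute observations at $0.04, then one at $0.40 (a 10x spot pump).
    Returns (spot-based limit, TWAP-based limit, TWAP price) in 6-decimal USD
    for 1,000,000 collateral units at 80% LTV."""
    oracle = TwapOracle(window=12)
    calm, pumped = 4 * PRICE_SCALE // 100, 40 * PRICE_SCALE // 100
    for _ in range(11):
        oracle.record(calm, 300)
    oracle.record(pumped, 300)
    collateral = 1_000_000
    return (max_borrow(collateral, pumped, 8_000),          # spot: $320,000 of borrowing power
            max_borrow(collateral, oracle.price(), 8_000),  # TWAP: $56,000
            oracle.price())                                 # TWAP price: $0.07
```

The spot-valued limit rises tenfold on a single five-minute print, while the TWAP-valued limit moves by less than a factor of two and the deviation guard rejects the pumped quote outright.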

The Bridge Problem

“Cross-chain bridges are uniquely dangerous because they hold locked assets on one chain while minting representations on another. Any discrepancy between the two states, caused by a compromised validator, a spoofed message, or an accounting error, can allow an attacker to mint unbacked tokens against a legitimate locked balance. The Ronin, Wormhole, and Nomad exploits all followed this pattern. Bridge security assessment requires understanding both chains and the trust assumptions of the relay layer between them.”
Security4Web3 Bridge Audit Research
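An added example, not from the research quoted above and not any bridge's real code, of the lock-and-mint accounting and message checks the text describes: a threshold of distinct validator signatures, a per-source-chain nonce as replay key, and the supply invariant that wrapped supply never exceeds escrowed balance. HMAC over a domain-separated digest stands in for a real validator signature scheme (an assumption for this example), and chain names and amounts are constructed.

```python
import hashlib
import hmac
from typing import NamedTuple


class BridgeMessage(NamedTuple):
    source_chain: str
    nonce: int          # per-source-chain counter; (source_chain, nonce) is the replay key
    recipient: str
    amount: int


def message_digest(msg: BridgeMessage) -> bytes:
    # Domain-separated digest over every field, so no field can be altered without changing it
    raw = f"bridge-v1|{msg.source_chain}|{msg.nonce}|{msg.recipient}|{msg.amount}".encode()
    return hashlib.sha256(raw).digest()


def validator_sign(key: bytes, msg: BridgeMessage) -> bytes:
    # HMAC stands in for a validator's real signature scheme (assumption for this example)
    return hmac.new(key, message_digest(msg), "sha256").digest()


class SourceBridge:
    """Lock side: escrows tokens and emits a numbered message for the destination chain."""

    def __init__(self, chain: str):
        self.chain, self.locked, self.next_nonce = chain, 0, 0

    def lock(self, recipient: str, amount: int) -> BridgeMessage:
        self.locked += amount
        msg = BridgeMessage(self.chain, self.next_nonce, recipient, amount)
        self.next_nonce += 1
        return msg


class DestinationBridge:
    """Mint side: mints once per message, and only with a threshold of distinct valid signers."""

    def __init__(self, validator_keys: dict[str, bytes], threshold: int):
        self.keys, self.threshold = validator_keys, threshold
        self.processed: set[tuple[str, int]] = set()
        self.minted = 0

    def verify_and_mint(self, msg: BridgeMessage, signatures: dict[str, bytes]) -> int:
        valid = {v for v, sig in signatures.items()
                 if v in self.keys and hmac.compare_digest(sig, validator_sign(self.keys[v], msg))}
        if len(valid) < self.threshold:          # count distinct validators, not signature entries
            raise PermissionError("signature threshold not met")
        replay_key = (msg.source_chain, msg.nonce)
        if replay_key in self.processed:         # the same lock must never mint twice
            raise ValueError("replayed message")
        self.processed.add(replay_key)
        self.minted += msg.amount
        return self.minted


def peg_holds(src: SourceBridge, dst: DestinationBridge) -> bool:
    """Supply invariant an audit checks: wrapped supply never exceeds the escrowed balance."""
    return dst.minted <= src.locked
```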

A cyber security assessment for a DeFi protocol or bridge is not a standard smart contract audit. It requires protocol-specific threat modelling, economic attack simulation, and cross-chain architecture analysis that goes beyond line-by-line code review. Our assessment methodology is designed specifically for the DeFi and bridging attack surface.

Protocol Categories

DeFi Protocols We Audit and Assess.

Each DeFi protocol category has a distinct security profile and primary attack surface. Our assessment methodology is adapted to the specific risk model of each protocol type.

AMMs & DEX Protocols

Constant-product and concentrated-liquidity AMMs: invariant correctness under all reachable states, fee accounting precision, price impact manipulation, JIT liquidity attacks, and the interaction between the AMM pool and any integrated oracle or routing layer. Foundry and Echidna invariant testing to verify that the AMM curve holds under adversarially chosen input sequences.
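An added example, not Security4Web3's test suite and not any production AMM, of the invariant check described above written as a seeded fuzz: a minimal constant-product pool with a 30 bps fee is driven with a mix of dust-sized and large swaps in both directions, and the run reports the first step at which k decreases. The `favour_trader` flag is a constructed defect that rounds swap output up instead of down; reserves, fee and step counts are constructed.

```python
import random


class ConstantProductPool:
    """Minimal x*y=k pool with a 30 bps fee on integer reserves.
    Constructed for this example; `favour_trader=True` is the defective variant."""
    FEE_BPS = 30

    def __init__(self, reserve_x: int, reserve_y: int, favour_trader: bool = False):
        self.x, self.y, self.favour_trader = reserve_x, reserve_y, favour_trader

    def k(self) -> int:
        return self.x * self.y

    def _out(self, amount_in: int, reserve_in: int, reserve_out: int) -> int:
        fee_adjusted = amount_in * (10_000 - self.FEE_BPS)
        num, den = reserve_out * fee_adjusted, reserve_in * 10_000 + fee_adjusted
        # A correct pool rounds output down so the curve is never crossed in the trader's favour
        return -(-num // den) if self.favour_trader else num // den

    def swap_x_for_y(self, amount_in: int) -> int:
        out = self._out(amount_in, self.x, self.y)
        self.x, self.y = self.x + amount_in, self.y - out
        return out

    def swap_y_for_x(self, amount_in: int) -> int:
        out = self._out(amount_in, self.y, self.x)
        self.y, self.x = self.y + amount_in, self.x - out
        return out


def first_invariant_break(seed: int, favour_trader: bool, steps: int = 500) -> int:
    """Return the first step at which k decreased or a reserve was drained, or -1 if k held.
    Half the swaps are dust-sized (1..300 units), where rounding decides the outcome."""
    rng = random.Random(seed)
    pool = ConstantProductPool(10**12, 10**12, favour_trader)
    k_prev = pool.k()
    for step in range(steps):
        x_in = rng.random() < 0.5
        reserve_in = pool.x if x_in else pool.y
        amount = rng.randint(1, 300) if rng.random() < 0.5 else rng.randint(1, reserve_in // 10)
        (pool.swap_x_for_y if x_in else pool.swap_y_for_x)(amount)
        if pool.k() < k_prev or pool.x <= 0 or pool.y <= 0:
            return step
        k_prev = pool.k()
    return -1
```

With output rounded down, k grows on every swap because the fee stays in the pool; with output rounded up, dust-sized swaps leak value and the fuzz finds a decrease in k within the run.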

Lending & Borrowing Protocols

Collateralisation ratio integrity, liquidation logic correctness, bad debt accumulation under extreme price movement, oracle dependency analysis, and interest rate model edge cases. Flash loan attack compositions that exploit the gap between collateral valuation and liquidation execution. Aave, Compound, and custom lending protocol assessment methodology.

Cross-Chain Bridges

Full bridge architecture security review: message format and verification, validator/relayer trust model, threshold signature enforcement, canonical message replay protection, and asset accounting peg integrity across source and destination chains. Specific attention to the validator set compromise scenario and the attack surface it opens for minting unbacked assets.

Governance & DAO Protocols

On-chain governance security: proposal creation and execution path analysis, timelock bypass vectors, flash-borrowed governance token vote manipulation, quorum and threshold configuration, and the risk of a malicious proposal passing under low-participation conditions. Includes Compound Governor Bravo, OpenZeppelin Governor, and bespoke governance framework assessment.

The most expensive DeFi exploits were not caught by the protocol teams; they were discovered by attackers after deployment. A thorough cyber security assessment before launch is the only opportunity to find these vulnerabilities before value is concentrated in the protocol. We conduct security assessment services designed specifically for DeFi and bridging protocols. Engagements are scoped to your architecture and timeline.