Directory
Firms & platforms
Audit firms and security harnesses grouped by where they do their deepest work. This is a sample, not a ranking. Match the focus sectors to your scope.
Audit firms
Fixed teams that review a codebase in depth over a defined engagement.
| Firm / Platform | Focus sectors | Size | Notes |
|---|---|---|---|
| zkSecurity (Specialist) | Zero-knowledge, Applied cryptography, Formal verification | Boutique | Boutique firm focused on zero-knowledge and applied cryptography, with researchers who publish on proving systems and circuit security. |
| Trail of Bits | Smart contracts, Protocol / consensus, Applied cryptography, Infrastructure | Large | Large, broad security firm covering blockchain, cryptography, and traditional software assurance, with a substantial open-source tooling output. |
| NCC Group | Applied cryptography, Protocol / consensus, Infrastructure | Large | Global enterprise security consultancy with a dedicated cryptography practice that reviews protocols and primitives across many industries. |
| Informal Systems | Protocol / consensus, Formal verification | Mid-size | Specializes in protocol correctness and formal methods, with deep roots in the Cosmos / Tendermint ecosystem and model-based testing. |
| Galois | Applied cryptography, Formal verification | Mid-size | Research firm specializing in formal methods and high-assurance cryptography, with open-source tools such as Cryptol and SAW for verifying cryptographic implementations. |
| IOActive | Applied cryptography, Infrastructure, Protocol / consensus | Large | Global security consultancy known for deep hardware, firmware, and cryptography research across many industries, including blockchain and embedded systems. |
| Kudelski Security | Applied cryptography, Protocol / consensus, Infrastructure | Large | Cybersecurity division of the Kudelski Group, with an applied-cryptography practice and a blockchain security team serving enterprise and Web3 clients. |
| EY | Zero-knowledge, Protocol / consensus, Infrastructure | Large | Global professional-services firm whose blockchain group has invested in zero-knowledge research, including the Nightfall protocol and the Starlight ZK compiler, alongside enterprise assurance work. |
| Calif | Infrastructure, Applied cryptography | Boutique | Vulnerability-research firm that pairs AI models with human researchers to find and exploit bugs, with work spanning operating systems, low-level software, and cloud infrastructure. |
Security harnesses
Audit-competition and bug-bounty platforms that put your code in front of many independent researchers.
| Firm / Platform | Focus sectors | Size | Notes |
|---|---|---|---|
| zkAO (Specialist) | Zero-knowledge, Applied cryptography, Smart contracts | Boutique | Audit-competition / harness platform oriented toward zero-knowledge and cryptography-heavy codebases, where generalist crowds are typically thin. |
| Code4rena | Smart contracts, Protocol / consensus | Large | Established competitive-audit marketplace with a large crowd of wardens, strongest on smart-contract and protocol scope. |
| Sherlock | Smart contracts, Protocol / consensus | Mid-size | Audit-contest platform that has experimented with coverage and payout guarantees on top of competitive review. |
| Cantina | Smart contracts, Protocol / consensus, Zero-knowledge | Mid-size | Marketplace combining competitions, a curated researcher network, and managed reviews under one roof. |
| Immunefi | Smart contracts, Protocol / consensus, Infrastructure | Large | Large continuous bug-bounty platform for live protocols, complementary to point-in-time audits and competitions. |
Want to be listed, corrected, or have details updated? See our methodology for how listings work, then get in touch.