75 Photos and videos
Need an audit?
You shouldnβt need 20 intros, Telegram groups, and weeks of back-and-forth just to find the right security firm.
@Procur3 now has 50 security firms live on the platform, including some of the biggest names in Web3 security.
Find the right fit faster.
10
4
21
1,174
If you're looking for @_SEAL_Org Certifications for your protocol, you can now request if from accredited firms on @procur3
Book your certification now from @ConsensysAudits @hackenclub @HackenProof @Quantstamp @sigp_io more on the platform today!
Jun 2
It's finally happening!
SEAL Certifications are now open for business. π
2
3
423
A 3-of-6 Gnosis Safe means nothing if 3 keys live on the same device.
Multisig is about distributed trust β not just distributed signatures.
Each signer should be: β On a separate hardware device β Air-gapped for privileged ops β Onboarded with documented key hygiene
1
18
For Multisig and key management reviews, get a quote from 15 firms specialised firms:
- available at procur3.io
10
In Web3, who should be getting a pentest?
Answer: Everyone.
The largest exploits aren't smart contract related.
Pentesting covers what audits miss: β Wallet connectors β Frontend & API vulnerabilities β Node & RPC misconfigurations β Key management & access control β Off-chain infrastructure
One RFP on @Procur3 gets you quotes from vetted pentest firms alongside your smart contract auditors.
Same platform. Full coverage. Free to use.
1
4
413
A protocol posted a RFP on Procur3 for a Daml audit on @CantonNetwork
15 quotes. 3 days. $6k to $48k range.
This is what security audit procurement should look like.
Fast - Transparent - Competitive
2
5
1,323
Last week StablR lost $10.4M to a multisig exploit.
This week, Superfortune lost $15.18M when a multisig execution silently swapped the recipient address β and nobody caught it until the tokens were gone.
Multisig is the leading exploit cause in value.
Details below.
1
1
5
1,134
When you've paid for the best audit firms to secure your smart contracts, use procur3.io to source:
- Multisig configuration audits / reviews
- Cloud infrastructure and deployment reviews
- Front-end testing
- Penetration testing and more from 50 verified firms.
1
48
Also this weekend:
β Squid Router Module: $3.2M β 86 Gnosis Safe wallets drained. Auth was a public constant string.
β Stake DAO: $91K β deployer key compromised, LayerZero bridge config altered, 5.4T tokens minted.
β SKP/WUSD/MoneyMon: ~$500K across contract flaws.
1
1
80
This is a multisig address substitution attack.
The signers approved. The contract executed correctly. But the destination was changed between signing and execution.
If you're not verifying the destination on your hardware device, you're trusting a screen you can't trust.
1
45