We have extensive experience reviewing cross-chain integrations. We have reviewed: - @LayerZero_Core - @axelar - @AcrossProtocol - @wormhole - @RelayProtocol - @chainlink CCIP - @eco - @gardenfi - @lifiprotocol Check out the reports at: github.com/burrasec/Security…. Reach out if you're building across multiple chains.

Biggest danger with AI is getting sloppier at everything you do. This can slip up on you if you're not vigilant. AI makes false claims while sounding confident. One of our core values is thoroughness. That means leaving no stone unturned — but it also means every reported issue has to be understood 100% and tested with a POC (Proof of Concept). We've read too many audit reports with false claims and wrongly identified issues. Making mistakes is normal, but in the final deliverable, we aim for assertiveness and confidence in all our claims.

Researchers working on Burra Security audits are world-class. With competency and class, you'll often find ego. Researchers work independently, and during certain checkpoints throughout the audit, all researchers share their findings and brainstorm together — combining attack vectors, maximizing the outcome, and pushing for really complex issues. During these sessions, it's PARAMOUNT TO PUT EGO aside and focus on combining attack vectors, maximizing the impact of each issue, and making sure there are no false claims. Discussions around severity come last. That's our golden rule!

We try to keep our audits and all the bureaucracy around them dead simple. No introductory or close-out calls — we didn't find any value in having these. Unless there's a serious discussion happening, they're usually a waste of time. Instead, at the end of the audit (or at predefined points for longer engagements), each researcher provides their assessment of the work done: 1. On a scale of 1 (likely bugs remain) to 10 (low likelihood of bugs), how confident are you that no serious bugs remain? 2. Are there any contracts or areas you couldn't cover in depth? We collect feedback from every researcher and sum it up into a general assessment for the client. The purpose is two-fold. First, we keep each researcher accountable — they own their work at the end of the audit. The outcome is binary: either the project is ready for deployment, or they should spend more time securing their codebase. Second, the client gets a clear and honest picture of where they stand. Feedback from clients on this process has been very positive, and we'll keep doing it.

We’ve been working with @centrifuge on a series of security audits since August 2025, ahead of their v3.1 launch. The focus were the cross-chain components of their system. The team has successfully resolved all the issues! Check out the reports: - LayerZero integration: github.com/burrasec/Security… - Initial v3.1 report: github.com/burrasec/Security… - Final v3.1 report: github.com/burrasec/Security…

If you’ve ever sent tokens across chains, there’s a 99.99% chance you’ve interacted with LiFi. They’re the powerhouse DEX and bridge aggregator across a plethora of chains. I’m thrilled to announce a security partnership between @burraSec and @lifiprotocol. We’ll be reviewing ongoing changes to their system to ensure top-notch security!

How do we make extra certain crosschain swaps are secure? 🛡️ We’re pulling back the curtain with @Burrasec and @Pashovauditgrp to unpack the audits, potential exploits, and best practices in DeFi security. Tune in June 26, 14:30 UTC. youtube.com/watch?v=YijAOJOC…