Developers Forum for XinFin XDC Network

Discussion on: [Proposal] Request for Proposal to Audit XDC2.0

Konstantin Andriotis

HEXENS is a leading cybersecurity solutions provider in Web3. Our specialization is in securing novel technologies and brave builders' solutions, including but not limited to zk solutions, L1/L2s, liquid staking protocols, and more.
Hexens has been operating since 2021 and is now working closely with the biggest and most prominent brands across the world, securing assets worth $55 BLN among blockchain projects, financial institutions, web applications, and government organizations. Trusted by Polygon, 1inch, Celo, Lido, EigenLayer, TON, Nubank, API3, and many others.
hexens.io

Previous audits
Besides confidential audit reports of consensus algorithms and L1/L2s, we recently conducted a security assessment of the Bahamut blockchain (github.com/Hexens/Smart-Contract-R...) that revealed multiple vulnerabilities in the consensus algorithm implementation. More audit reports can be found at hexens.io/audits or in the GitHub repository above. Please pay attention to the keenness of the issue descriptions and the detailed explanations of possible attack vectors.

The team
Hexens' engineering team consists of multiple CTF winners, PhDs in Computer Science and Math, world bug bounty-hunting leaders, and computer science researchers from across the world. Our unique approach to hiring security talent has enabled us to find critical vulnerabilities in 90% of the initial audits performed in the last 2 years.

Methodology and approach
We believe that the key to cybersecurity is mitigating risks. Although we value the skills of our teammates and trust them, in every audit we engage two different teams, each consisting of at least 4 security engineers (with 2 Senior Researchers in each), simultaneously reviewing the code, because in our opinion the most vulnerable point of security services is the human factor.
This approach is the reason why none of our clients has faced security incidents, stability issues, or unsmooth operations since 2021.

During an audit, we comprehensively research the code logic, math, implementation, and any interconnected parts. This work is primarily based on manual code review, at times using different tools, from code behavior simulation in a test environment to in-depth math modeling and calculation.

Estimations
We estimate the scope of the XDPoSChain repo at 8 auditing weeks, including all the functional parts of the chain and the native smart contracts. Since Hexens signs its name under the project's security, we highly recommend full audit coverage of the executable parts to provide the best results for both performance and security.

The cost of $170,000 is divided into two parts:

  • Retainer of 50%, $85,000, to be paid before the audit starts.
  • Fee of 50%, $85,000, to be paid after the delivery of the final report. Payments are acceptable both in fiat and stablecoins.

Each week we run a call between the security and development teams, sharing findings "on the fly" and being available for any questions raised.
For additional information and to book a presentation, reach out to us via info@hexens.io