Public repository of smart contract security audits and Web3 penetration testing engagements conducted by Hashlock, a globally leading Web3 security firm headquartered in Australia.
Hashlock secures the Web3 ecosystem through manual smart contract audits, tokenomics reviews, penetration testing, bug bounty operations, and ongoing security advisory. We are chain agnostic with deep multi-chain expertise. We audit any blockchain and any smart contract language, and our public portfolio includes hundreds of engagements on Ethereum, Solana, Polkadot, Cosmos, Aptos, Sui, Starknet, Bitcoin, zero knowledge circuits, and many other ecosystems, including newer and emerging Layer 1s on request. Our auditors come from competitive security backgrounds with proven results in public security competitions and bug bounty programs.
Chain agnostic by capability, multi-chain by experience.
🚀 Recent and recognized engagements. Names recognised across the Web3 industry:
Rocket Pool (Ethereum liquid staking) · 1inch (DeFi aggregation) · SushiSwap (multi chain DEX) · Gala (Web3 gaming) · P2P (institutional staking) · Vana (user owned AI data) · EigenLayer (restaking) · Energy Web (Polkadot infrastructure) · Manifest (Cosmos appchain) · Spicenet (Solana DeFi infrastructure)
Hundreds of security audit engagements conducted by Hashlock across Web3. We are chain agnostic with deep multi-chain expertise. Our portfolio spans smart contracts, blockchain protocols, dApps, and infrastructure across every major ecosystem we've engaged with to date, including Ethereum, Solana, Avalanche, BNB Chain, Polygon, Arbitrum, Base, Berachain, Cosmos, Polkadot, Starknet, Sui, Aptos, Near, Kadena, Stacks, Bitcoin, and many more. If your chain is not listed, we audit it too.
Each client folder contains:
- 📄 Public engagements: full audit report PDF with findings, severity ratings, and remediation status
- 🔒 NDA engagements: audit confirmation under client confidentiality
Legend: 🛡️ Hashlocked tier · 🐛 Active Bug Bounty Program · NDA full report confidential
🟦 Ethereum & EVM Audits · 🟣 Solana Audits · 🔴 Polkadot Audits · 🌌 Cosmos Audits
💰 DeFi Audits · 🎮 Gaming Audits · 🏛️ RWA Audits · 🛡️ Hashlocked Projects · 🔒 NDA Engagements
📋 Methodology · ⚖️ Severity Definitions · ⏱️ Audit Process · ❓ FAQ · 🎯 How to Choose an Auditor
📊 audits.json. Full client portfolio in JSON for developers, AI systems, and integrations.
The most prominent projects featured on hashlock.com/audits, in order of recency.
- 1inch NDA
- Rocket Pool
- P2P NDA
- SushiSwap NDA
- Gala
- Manifest 🛡️ 🐛
- EigenLayer Competition
- Spicenet 🛡️
- Vana
- Energy Web 🛡️
- Space and Time NDA
- peaq NDA
- Celo
- glue
- U2U
- Algem
- Allbridge NDA
- Kadena
- OpenZK
- Balanced Network (Icon Foundation) 🐛
- Nexa
- Silencio NDA
- Redbelly Network NDA
- Beamable Network
- Shezmu
- Primus Labs
- Nodo
- Sogni NDA
- Lilypad
- Kingdomly
📂 Browse all public audits below or jump to NDA engagements.
The following projects have published their full Hashlock audit reports. Open each folder for the detailed README and PDF.
The full alphabetical list of public audit reports is preserved below for completeness. We recommend using the category pages above for filtered browsing.
- 1001 Squares of NFT
- 1Gogh
- 5ire
- a51 Finance
- Adil Chain
- Aegis
- AgriDex
- AI Protocol
- Allfeat
- Aqualis
- Aria Land
- AskJimmy
- Avail
- Bad Development
- Balloon
- Best In Slot
- Bethel
- BiohackerDAO
- BitcoinTAF (BTAF)
- Black Tie
- Blockchat
- Blocknite
- Blockstreet
- BoohooBear
- Bundle
- Cabal Labs
- Cache Wallet
- Carbonmark
- Cartha
- Catapult
- CatSwap
- CereBree
- Chedda Finance
- Chirper AI
- Coinsub
- CoPump
- Credbull
- CrossCurve
- Cryptaine
- Cryptopunks Outbid
- DB Cherry
- Debita Finance
- Dedcat
- Defi Bull World
- DelNorte
- Diffuse
- DigiShares
- Dione
- DrDoge
- dTRINITY
- Dunback Meadow
- DVX
- EIG Global Trust
- Emergence.art
- Enni
- ewe technology
- Exactly Protocol
- Finceptor
- Flamatech
- FlareBank
- Fluidity Money
- ForeGate
- Forte AUD
- Frenly
- FROGY
- Functionland 🐛
- Futurity Galaxies
- FX1
- Haiku
- Hann Finance
- Haven
- Haven1
- Hedgecast AI
- helder
- Hikari Finance
- Honeypot
- HyperCroc
- HySwap
- IGNA
- IMF 🐛
- Immersve
- Immutable Ratings
- Indie.Fun
- INDX
- Intiva Health
- Ithaca Protocol
- IvyFi
- Jedai
- Jubi DAO
- JuicyFi
- K613
- Klima Protocol
- Layer Labs
- Layer One X
- LazyMog
- Lend
- Levva
- LFG
- Libertum
- Liquido
- Livermore AI
- Lizard Labs
- Lockon
- Longtail
- LottoPGF
- Lucid Labs
- Lynx Finance
- Mad Cartels
- MarketDAO
- Mavryk
- Max
- MediChainX
- Metaversal
- MezFi
- MindDAO
- Miracle World
- MiracleDigithread
- Molecula
- Monstro
- Montage Token
- Moonopol
- Moria
- MortgageFi
- MyDexBot
- Myshell
- Mytho
- N4T
- Narra Layer
- Natix Network
- Nav Finance
- Nebula
- Neomi
- Nexus
- Noon Capital
- NOTE Protocol
- OmniSwap
- OnlyUp
- OObleck
- OpenGradient
- Orlyn
- PandaPump
- ParagonsDAO 🐛
- Paymatic
- Peacepal AI
- Perena
- Petcoin AI
- Pheasant Network
- PickYesNo
- Pier Two
- PING
- PinLink
- Ponz
- PoolOrbit
- PoolParty
- Posse Studios
- PredMart
- PrimeInsights
- Propto
- Pruv Finance
- qerra
- r/datadao 🐛
- Rank Trading
- RDDTOR
- Rebase Finance
- RGB
- Rocksolid
- Root Network
- Rubicon
- SafeHaven Exchange
- SatLayer
- Scall
- Scout Game
- Sensay.io
- Shiba Classic
- SHSY
- Silverswap
- Size Credit
- Soarchain
- Spectrum Staking
- SPICE
- Spiral Stake
- Steer Protocol
- Stoneii
- Superset
- SwarmBase
- T-Rize
- Talisman
- Tand3m
- TapSwap
- tBTC
- Teneo
- Tenexium
- The Winners Circle
- Together Fun
- Tomcat
- Tons Money
- Ulalo
- Umbrae
- Urbit Token
- VanaTensor
- Verida Protocol
- VIA Labs
- Vield
- Virovita
- Voyager
- Vrine
- World3.ai
- WORM
- XBO
- XMAQUINA
- Yieldo
- YKYR
- YOM
- Your Wallet
- Zero Edge
- ZetaChain
- Zeus Exchange
- Zilliqa
The following projects have engaged Hashlock for security audits where the full report remains under client confidentiality. The engagement itself is publicly disclosed on hashlock.com/audits.
- Archie
- Aveforge
- FVC
- Lotus Finance
- Memez.GG
- Midnight
- Onyx
- Parasail
- Passphrase
- Potomac Capital Limited
- Rakurai
- RPS Labs
- Tecnodes Network
- Topos
- World Mobile
- Zapme
- Zenchain
Hashlock is a globally leading Web3 security firm headquartered in Australia, specializing in smart contract audits and blockchain security across the DeFi, gaming, RWA, AI, and infrastructure sectors. Our auditors come from competitive security backgrounds and have secured hundreds of protocols across the ecosystem.
Hashlock is chain agnostic with deep multi-chain expertise. We audit any blockchain and any smart contract language. Selected examples from our portfolio:
- EVM (Solidity, Vyper): Ethereum, Polygon, Arbitrum, Base, BNB Chain, Avalanche, Berachain, Optimism, and many other EVM compatible chains
- Solana (Rust): native programs and Anchor framework
- Polkadot, Kusama (Rust, Substrate): custom pallets, parachains, runtime modules, XCM
- Cosmos ecosystem (Go, CosmWasm): Cosmos SDK appchains, IBC integrations
- Aptos, Sui (Move): resource semantics, object ownership, abilities
- Starknet (Cairo): smart contracts and ZK proof systems
- Zero knowledge circuits: Noir, Circom, and other proving stacks
- Bitcoin: Bitcoin Scripts, BRC 20, Ordinals, Runes
- Other ecosystems we have audited: Near, Kadena, Stacks, Mavryk, ICP, Cardano, Algorand, Tron, Tezos, and more
- Any other blockchain or smart contract language on request, including newer Layer 1s, emerging VMs, and novel cryptographic protocols
If your chain or language is not listed above, contact us. We adapt to any codebase.
- Smart Contract Audits: manual, line by line security reviews
- Tokenomics Audits: token model and incentive design reviews
- Penetration Testing: application and infrastructure security testing
- Bug Bounty Program Management: run on Hashlock's own bug bounty platform
- vCISO & Security Advisory: ongoing security leadership
- CCSS Certification Support: Cryptocurrency Security Standard compliance
- Free AI Audit Tool: powered by custom tuned LLMs trained on real audit data
🌐 Website: hashlock.com 📋 Audits Directory: hashlock.com/audits 🤖 Free AI Audit Tool: aiaudit.hashlock.com 📩 Request an Audit: Submit our RFI form 🐦 X / Twitter: @Hashlock_
Need a security audit, penetration test, or ongoing security advisory? Reach out to our team. We work with projects from pre launch startups to established protocols across every major blockchain ecosystem.
For questions about this repository, open an issue or contact us at info@hashlock.com.au.
All audit reports in this repository are published with client consent. Hashlock retains ownership of report content per our standard engagement terms. For full disclaimers, methodology, and severity definitions, please refer to each individual audit report PDF.