Our distinguished team of security experts specialize in search for 0-day vulnerabilities, ethical hacking, blockchain technologies, among many other auditing skills.  We have the expertise and industry experience in developing the best and most secure smart contracts with cutting-edge functionality and modularity.

Security offerings:
  • Smart contract audits
  • Security testing/ penetration testing
  • Customized smart contracts with the newest standards (ERC777, ERC820, ERC644)

Get quote now

Panos Papantoniou

GCA’s Lead Blockchain Developer, Researcher and Expert in information security with over 7 years of work experience.​

Head of Service

  • Created GCA's smart contract, the very first using the latest Ethereum standard ERC777, and launched it after having it pass a full and thorough professional audit
  • Conducted forensic investigations in cooperation with national authorities
  • Former, external information security advisor to the Greek Electronic Social Security Governance, a government agency that manages e-prescription systems
  • Participated and has been distinguished in the Greek military cyber defense exercise “PANOPTIS”
  • Co-founder of the “Greunion” CTF competition team with several world-class distinctions in cybersecurity
  • Served as a captain and coach to the national cyber security team participating in the pan-European cyber security competition “ECSC”.
Why an audit?
  • Each function needs to be tested to ensure it operate according to the specification and its actions does not pose a security threat.
  • Several ICO-reviewing sites and exchanges ask businesses if their smart contract has been audited.
  • It is vital that your company ensures its investors that it has done all necessary security checks and due diligence.

That's it?

....No, no. Must also consider the scope.​

The scope of the audit is very important as it defines the level of its sophistication and depth.

Our team performs
  • formal line-by-line inspection of your smart contract in order to find any potential issues
  • manually read through the codebase to identify areas that may be susceptible to potential security loopholes.

Our team performs a f.

They will manually read through the codebase to identify areas that may be susceptible to potential security loopholes.

They also seek out faults in business logic, discrepancies with specifications, and other flaws that could affect the smart contract functionality. 

Automated code reviews are executed using static analysis tools to identify the presence of vulnerabilities and to detect any possible coding flaws, back doors and malicious code.

Vulnerabilities will typically be related to under / overflow bugs, transaction-ordering dependence / front running, reentrancy, and other bugs that are well suited to an automated analysis.

Our specialists also conduct unit test reviews, dynamic analysis, and penetration tests to expand the process of assessing certain business logic, where necessary, and to simulate typical attacks such as short address, re-entrance, re-ordering and other attacks.

How could the coverage be extended?

Want to get even more in depth?

If desired, smart contracts can be manually deployed to a testnet for assessment. These testnets will be used to find edge cases in your code, whether it’s a way to lock user funds in the contract or if a bonus percentage is being calculated incorrectly. 

Additionally, they’ll help to identify bugs in your test suite if they are provided with the associated unit tests. Last but not least, our security experts will review the cryptography embedded into the smart contract to identify any potential behavioral defects

How is all this reported?

Our team compiles a detailed report covering every test that was conducted.  The report is intended only to provide documentation that a client has corrected all findings noted by our team until the day the report is delivered. 

The report cannot and does not protect against personal or business loss as a result of the use of the applications or systems described.Testing is conducted on the applications and systems as they exist on that particular day of the report delivery. 

Information security threats are continually changing, with new vulnerabilities discovered on a daily basis. Duly note that no application can ever be 100% secure no matter how much security testing is performed.

Contact / Quote