DAML
security audits
Your protocol’s security is our responsibility. We take each and every audit very personally, and we make sure no issues are left behind.
What Are We Looking For
These are some of the vulnerabilities we focus on. Our goal is to provide complete protocol security.
Authorization & Authority Leaks
Controllers derived from choice arguments, signatory bait and authority smuggling that act without per-action consent, and unbounded delegation.
Privacy & Disclosure Leaks
Overly broad observer lists exposing sensitive data, divulgence through fetch of non-stakeholder contracts, and leakage via PQS and Ledger API consumers.
Contract Keys & Contention
Parallel submissions both reading None from lookupByKey and creating duplicates, stale ContractId references, and maintainer-scope errors.
Choice Consumption & Asset Lifecycle
A forgotten nonconsuming keyword archiving contracts on read-only choices, unguarded archival that deletes assets, and double-exercise paths.
Invariants, Arithmetic & Time
Missing ensure blocks that allow invalid state, divide-before-multiply truncation in fee math, and ledger-time skew at time-boundary decisions.
Canton Integration & Operations
Leaked JWT bearer tokens granting a party's full authority, triggers injecting unverified off-ledger data, and missing command deduplication causing double settlement.
Ready to Secure Your Codebase?
Get in touch and we’ll respond within 6 hours with a price and timeline estimate.