frequently asked questions

How much does an audit with Solidified cost?

The cost is determined by the complexity of smart contracts, size of the attack surface and how many experts you’d like to verify the code. For a standard token sale based on OpenZeppelin contracts, the price is 4k USD per auditor. For custom platforms and services, the expert cost is in the range of 8k USD. Solidified takes a 20% fee for the service.

The verification of fixes is included in the quote.

Running a bounty program with us is a final step, which is highly recommended, in which case additional bug payouts may occur.

Sample use-case: You are doing a tokensale audit with 3 experts and verifying the fixes. The total might be: 3*4k USD + 2.4k USD fee = 14.4k USD.

Sample use-case: You are doing an audit of a securities platform with 3 experts, verifying the fixes and running a bug bounty program. During bounty campaign, 1 Moderate issue was discovered. The total might be: 3*9k USD + 5.4k USD fee + 1.2k USD bug = 33.6k USD.

All payments are made with Ether at the current market rate of a reputable exchange.

What is the audit process like?

Securing your smart contract is a multi-step process. Solidified is the only platform where the entire technical due diligence lifecycle is performed. What does this mean:

Phase 1: Multi-expert Audit
Several highly-competent Solidity auditors perform an isolated and unbiased review of your contract. Each of them sits down 1:1 with the contract and prepares an audit report. After each auditor finishes their individual report, they enter into a group debrief. During the debrief, they discuss the validity of each found issue and cross-check each other for quality. From the group consensus, the final combined report is prepared and delivered to the client. The report contains issues in different categories and recommendations on how to fix each issue. You can view our past reports here.

Phase 2: Fixes and Verification
Client addresses the issues found and submits the updated version of the contracts. Solidified uses the same auditors as assigned in Phase 1 to verify that the issues have been fixed and no new vulnerabilities have been introduced. After the verification is complete, the audit report is amended, stating which issues have been addressed, and final version is sent to the client. (We will soon be offering an additional service, where the auditors can implement the fixes for the issues found on behalf of the client.)

Phase 3: The Bounty program
The client posts their contract on Solidified bounty platform where it is put in front of the entire verified expert community (150+). This is an optional, but highly recommended step, especially for more complex smart contracts. Client selects incentives for Critical, Major and Minor bugs found and funds the escrow account with the total bounty pool. After this, the contract goes live on bounty and recommended to stay there for at least 2 weeks. If a bug is found and approved (either by client or through community arbitration) the reward is automatically released from the escrow to the bounty hunter.

Phase 4: Bug Prediction Market (coming early 2019)
To further show confidence and transparency in the security of your code, a prediction market is automatically opened for your smart contract on whether a bug will be found in the deployed code within timeframe X. This feature is currently in development.

How long does the audit take?

Tokensales: 4-5 days for initial audit, 1-2 days for verification of fixes.
Custom platforms: 1-2 weeks minimum.
Additionally, add 2 weeks for the bounty program.

How does a Solidified audit compare with other auditing firms?

Most auditing firms perform only a part of the entire audit process (i.e. initial audit report but no bug bounty), we provide the full process.
Most auditing firms issue a single code expert to secure a smart contract, we provide the largest community of smart contract experts.
Most auditing firms will do a private audit (we publish our audit reports publicly here).
No audit firm is providing a continuous security metric indicating the security of your smart contract and an early waring system if vulnerabilities are found.
Automated tools and formal verification efforts (Quantstamp, Fujitsu, et al.) are much-needed efforts, but cannot be relied upon for a full security audit of complex smart contracts. We use these tools for initial checks to catch 'low-hanging' bugs.

Does Solidified provide a security guarantee after the audit?

Being native to the Ethereum community, we are proud to be working with Nexus Mutual on a smart contract based alternative to insurance.

What is Solidified?

Solidified is the #1 full-audit service for smart contracts. Having helped secure companies like Gnosis, Polymath, Bankera, Melonport and more than 40 others, Solidified has established itself as the leader in a high-quality technical audit on Ethereum.

Solidified has the largest (200+) community of Solidity experts and incorporates all stages of technical smart contract due diligence into a single platform in order to bulletproof smart contracts.

What does Solidified stand for?

Solidified takes its name from Solidity language and carries the spirit of "hardening" your code through many iterations of peer-review. Solidity is the most popular smart contract programming language.

Do you already have any partners?

As a well-established company native to the Blockchain security space we have formed several strategic partnerships. We are excited to collaborate with Gnosis with their vast expertise in prediction markets and Nexus Mutual with whom we are exploring a smart contract based alternative to insurance for the code we secure. We contribute our API to State of the DApps and work with SegaSec Cyber intelligence firm to protect Ethereum projects even further.

How long has Solidified been operating?

Solidified has been operating since November 2017.

How many audits has Solidified performed?

We’ve performed over 50 audits for some of the well-known clients like Gnosis, Polymath, Melonport, Restart Energy, Iconiq Lab, and others securing over 85M EUR.

Do you have a working product?

Yes, our live version of Solidified platform is deployed on Rinkeby network since January and can be found here. You can browse existing/past bounties here.

How many experts are in Solidified network?

There are currently over 200 experts in our network. Our network is comprised of independent Auditors, Bounty Hunters, Expert-level Solidity devs and security researchers.

What are your experts’ qualifications?

Our experts come from one of 4 backgrounds:

  • Solidity Auditors (must have track record of past audits)
  • Solidity Bounty hunters (must show bounties won)
  • Expert-level Solidity devs (must be a contributor to at least 2 major Ethereum projects or a winner of an Ethereum hackathon/coding contest).
  • Security researchers (blockchain academics and whitepaper authors, economics and game-theory researchers in cryptocurrency space)

Are the experts employees of Solidified?

No, they are not.

What is the process of becoming an auditor with Solidified?

Every expert must submit application on our site. We verify relevant track record, which must include either past audits, bounties won or prominent contributions to Ethereum projects.

We then review past and current work history to make sure there is no conflict of interest. Finally, we take the recruit through a test audit with an experienced member of Solidified network and evaluate the skill level. We make the final decision as a result.

I want a Solidified t-shirt, what can I do?

Solidified tee is an exclusive swag. You can get it either by becoming a Solidified auditor and performing your first audit, or filing an approved bug during the bounty.

I love the project, how can I contribute?

We were born from the community and consider our members to be of most importance. If you’d like to help, we are currently needing help from Solidity developers, economists, game theory specialists, bloggers and Ethereum community organizers. Email us here

When does the SOLID token sale start?

The token sale starts on the 23rd of July. It is targeted at technical people.

Which currencies can be used to buy the SOLID token?

We accept only ETH from the Whitelisted addresses.

Can I make payments directly from an exchange?

No, we do not support exchange addresses.

What is the price of a SOLID token?

1 SOLID is valued at 0.015 ETH.

Do you offer discounts?

We offer a 20% discount in the first month of the sale. Everyone is eligible for this discount, however since we prioritize the Ethereum community and developers, it will likely apply to this group first.

Where can I store the SOLID token?

You can store SOLID in ERC20 ready wallets. We recommend a hardware wallet.

Do I need to get whitelisted to participate?

Yes. To participate in the sale you need to provide your email address and complete our KYC process. We will then notify you once you've been whitelisted.

What is the minimum and maximum contribution amount?

0.5 ETH and 100 ETH respectively

Do you have a Bounty program?

The only bounty program we run is a bug bounty on our smart contracts.

What is the contribution address for the tokensale?

The offical contribution address is displayed ONLY on our website.
We will never share it any other way. Please remember, to be able to contribute, you first need to get whitelisted.

Will there be a pre-sale?

No.

Was there a private pre-sale?

No. We raised 500,000$ in seed funding from innogy New Ventures, LLC.

What is the soft cap?

There is no soft cap. We are a cash flow positive company that's well established in the market.
No matter the outcome of our token sale we will pursue our decentralized model to secure smart contracts.

What is the hard cap?

32,400 ETH

What is the max token supply?

4,000,000 SOLID

What is the name of the token?

SOLID

What are the token features?

Rather than serving as a speculative asset, the SOLID token will serve as a means of the collateralized reputation for auditors and bug hunters, as well as a medium of payment for the services they render.

Generally, these actors would stake SOLID tokens when making security assurances, lose the tokens when such assurances are incorrect, and gain tokens when they help secure contracts through audits and bug reports.

Who conducts the proper due diligence on Solidified tokensale?

We take security and compliance seriously. Our technical due diligence consists of:

  • - External audit of smart contracts by New Alchemy (report here)
  • - Internal audit of smart contracts by multiple community experts (report here)
  • - Whitehat security pentest done by LightningSecurity.io and Hosho (report here)
  • - Anti-phishing protection by SegaSec
  • - DDOS protection by CloudFlare

Our business due diligence done by:

  • - innogy New Ventures LLC

Our transparency pledge:

  • - We are a registered member of Santiment’s Project Transparency and will disclose all material transactions the token sale proceeds are used for.

KYC/AML provider:

Are US or Canadian residents allowed to participate?

No

Is there a vesting schedule for the team?

Team members have a 1 year cliff with a 3 year vesting period.

What do you need the funds for?

The funds will be primarily used to accelerate development of the Bug Prediction Market features and its economy. Check out the Proceeds Allocation section on our website.

How do you plan to transition from the existing audit model to the new?

Our existing audit model will continue operating until the new system is tested and deployed. We project to switch to the decentralized model by early 2019.

What problems does Solidified aim to solve with Bug Prediction Market?

Solidified aims to significantly improve smart contract security by introducing a fully decentralized bug prediction market. The new model diminishes the current problems of smart contract audits:

  • 1. Auditors aren't incentivized to do work thoroughly and righteously.
  • 2. Missing transparency and standards make it hard for authors to find reputable auditors.
  • 3. Smart contract bugs lead to hacks and malfunctions that hurt the entire Blockchain ecosystem.

Why not use Augur/Gnosis?

We are partnering with Gnosis to collaborate on the infrastructure of the Bug Prediction Market. Augur's prediction oracle is not compatible with our use case.

Didn't answer your question?

Email us we'll try to answer as soon as possible