Praetorian takes a multi-layered approach to Web3 security. The core component is a methodical review of the smart contracts’ source code. Our engineers possess the necessary expertise to comprehensively identify vulnerabilities in domain-specific languages such as Solidity and Vyper. A thorough code review that combines manual and automated techniques can surface vulnerabilities related to reentrancy, price manipulation, paths to unprotected token and value transfers, and authorization issues. During this step, we also

Assess the resilience of a client’s smart contracts against transaction ordering attacks from often unexpected threat actors such as MEV bots or malicious miners/validators. These attackers will front-run externally profitable transactions and manipulate block properties such as the block timestamp in order to influence the conditions of a transaction in their favor (e.g. lottery/random value manipulation).

Web3 also poses unique concerns related to denial of service. In many cases, Web3 denial of service attacks result in a weakening of the system’s security guarantees or may cause permanent and direct loss of value. For example, our engineers can locate unbounded loops and other anti-patterns that could allow an attacker to manipulate the cost of executing a contract or prevent execution of a contract altogether.

Additionally, Praetorian evaluates the security of the infrastructure and technical protocol implementation used by the underlying blockchain. This includes confirming that sufficient protections are in place against threats such as validator takeover, 51% attacks, and vulnerabilities involving bridges and RPC nodes. Finally, and when applicable, Praetorian also undertakes a thorough review of traditional frontend and backend application vulnerabilities that might represent an attacker’s path of least resistance.