Auditors

PAL works with a curated pool of reputable auditors in the Web3 security space. This includes both traditional auditing firms and platforms for crowdsourced audits.

Apply as Auditor

The following is a list of PAL-approved auditors with their contacts:

Traditional audits

Name	Works with	Contact
Beosin	Rust, Solidity	service@beosin.com
Chaintroopers	Rust, Solidity	info@chaintroopers.com
CoinFabrik	Rust, Solidity	valeria.caracciolo@coinfabrik.com
Dedaub	Rust, Solidity	contact@dedaub.com
Guvenkaya	Rust, Web2	timur@guvenkaya.co
Hacken	Rust, Solidity	b.bennett@hacken.io
OAK Security	Rust, Solidity	info@oaksecurity.io
OpenZeppelin	Rust, Solidity	contact@openzeppelin.com
Pashov Audit Group	Rust, Solidity	pashovkrum@gmail.com
Red4Sec	Rust, Solidity	info@red4sec.com
Runtime Verification	Rust, Solidity	contact@runtimeverification.com
Spearbit	Rust, Solidity	henry@spearbit.com
SRLabs	Rust, Solidity	hello@srlabs.de
Trail of Bits	Rust, Solidity	sales@trailofbits.com
Zellic	Rust, Solidity	kaushik@zellic.io

Crowdsourced audits

Name	Works with	Contact
Code4rena	Rust, Solidity	trebien@code4rena.com
Cantina	Rust, Solidity	henry@spearbit.com
Codehawks	Rust, Solidity	mark@cyfrin.io
HackenProof	Rust, Solidity	e.fedotova@hackenproof.com
Immunefi	Rust, Solidity	team@immunefi.com

Selecting an Auditor

When selecting an auditor for your project:

• Consider their expertise in the specific technologies you're using (e.g., Rust, Substrate, ink!, Solidity).
• Review their past audit reports, if available.
• Consider their familiarity with the Polkadot ecosystem.
• Reach out to multiple auditors to compare quotes and availability.
• Rotate your auditors - consider picking a different supplier for your next audit.

Remember to mention that you're applying under PAL when contacting these auditors.

For any questions about selecting an auditor or if you have a preferred auditor not on this list, please contact the PAL curators.