Code Audits
Move Audits
Security-first engineering for Move-based smart contracts. We review your Move code for critical logic errors, resource misuse, and capability design flaws across Aptos, Sui, and other MoveVM ecosystems.
Consolidated clients
Our audit process
We tailor our audits to your project’s needs
1
Scoping & Planning
We define the engagement scope, timeline, and key focus areas based on your project’s requirements.
2
Research & Analysis
Our team studies the architecture, documentation, and technical details to fully understand the system.
3
In-Depth Review
We conduct a thorough security assessment, identifying vulnerabilities, inefficiencies, and risks.
4
Validation
Using automated and manual techniques, we validate the system under real-world conditions.
5
Reporting & Recommendations
We deliver clear findings with actionable steps to enhance security and performance.
What is a Move Audit?
A Move audit is a specialized security review for smart contracts written in the Move programming language. Unlike Solidity, Move enforces strict resource safety, but it introduces new risks around capabilities, access control, and module boundaries. We review your codebase to ensure correctness, enforceability, and resilience across all MoveVM-based chains.
Why is a Move Audit Important?
Security
Prevents hacks and exploits.
Trust
Increases confidence for investors and users.
Compliance
Helps meet regulatory requirements.
Cost Savings
Fixing issues before deployment avoids costly security breaches.
Why work with us?
Discover our streamlined 4-step methodology
1
Define Scope and Timeline
We begin by discussing the scope of the project and establishing a clear timeline & pricing for the audit.
2
Collaborative Environment
The team will keep constant communication with the client, utilizing seamless issue tracking and discussions throughout the audit.
3
Fix Review Period
A dedicated period is allocated to review and verify all fixes, ensuring they meet our quality standards.
4
Comprehensive Report Delivery
Upon completion, a detailed audit report is meticulously crafted and delivered to you.
Frequent answers and questions
Check out the Move Audits F.A.Q.
Why do Move contracts need auditing if the language is safer by design?
Move enforces strong type and resource safety, but it doesn’t protect against flawed logic, misused capabilities, or unsafe module access. These issues can still lead to critical exploits.
What do you look for during a Move audit?
We evaluate capability scoping, module visibility, resource lifecycle behavior, public entry points, and protocol-specific logic to uncover vulnerabilities that static safety checks miss.
What kinds of vulnerabilities are common in Move contracts?
Unrestricted capability access, missing reinitialization guards, resource duplication or leakage, insufficient checks on entry functions, and economic logic failures.
Which chains do you support?
We audit projects built on Aptos, Sui, 0L, and any other MoveVM-compatible environments.
What happens if issues are found?
We deliver a structured report with risk-rated findings and actionable recommendations. We also offer patch verification to confirm fixes are properly implemented.
