Audit-first
Slither + Foundry + fuzz before any external review
Token
We ship audited on-chain systems in < 45 days.
- Smart contracts with 100% branch coverage — not "it compiles"
- Token launches, staking, and DeFi primitives, EVM-first
- Formal audit trail — Slither, Foundry, fuzz, external review
- Off-chain plumbing: indexers, oracles, wallets, KYC gates
gas / tx
48k
coverage
100%
audit score
A
Trust
Audited, not hyped.
45-day launch
From whitepaper to mainnet in six weeks
Multisig by default
Timelocks, Safe, role-scoped upgrades from day one
Gas guarantee
Refund if we miss the target gas / tx envelope
The cost of "audit-later"
60% of token launches bleed value in the first 30 days.
- No formal verification = no sleep. Shipping a contract you can't prove is a liability.
- Gas bills that balloon 5× once real users show up.
- Reentrancy, access-control, and oracle-manipulation bugs — all preventable.
- Indexers that miss reorgs — dashboards that show ghosts.
- Vendor lock-in to one chain — zero exit when fees spike.
Median post-launch loss on un-audited contracts
€40–800k / incident
Blended average; sources: Chainalysis 2024 Crypto Crime Report, Rekt News post-mortems.
What we do
TOKEN: the six layers we build on every chain engagement.
Design
Tokenomics & spec
Emission curves, vesting, sinks, fee splits. We model flows before a single line of Solidity — so the math survives the market.
Contracts
Smart contracts
ERC-20, ERC-721/1155, staking, vaults, governance, upgradeable proxies. Foundry-first, gas-tuned, 100% branch coverage.
Multi-chain
EVM + Solana + L2s
Deploy on Base, Arbitrum, Optimism, Polygon. Bridges, CCIP, LayerZero where it makes sense. Solana / SVM when the fees do.
Audits
Security harness
Static analysis, fuzzing, invariants, formal verification on critical paths. Plus a scoped external audit with our partners.
Off-chain
Indexers & dApp
The Graph / Ponder subgraph, websocket pricing, wallet connect, SIWE auth, a clean Next.js dApp your users won't curse at.
Ops
Monitoring & incident
Tenderly alerts, Forta bots, multisig ops playbook, on-call rotation. Pause switches and timelocks tested on fork.
Hard proof
Before / after. Real mainnet deploys.
Names anonymized. Numbers pulled from on-chain traces and audit reports.
◆ DeFi · Staking vault
◆ NFT · Marketplace contracts
◆ Gaming · In-game token
token.audit.log
> slither_highs:
0
> foundry_coverage:
100%
> invariants_passing:
142 / 142
> avg_gas_per_op:
48,210
> multisig_threshold:
3 / 5
> timelock_delay:
48h
Process
A 45-day sprint from whitepaper to audited mainnet.
Six phases from spec to measurably safe contract. Each phase ends with a deliverable you own.
- 1 Days 1–5
Spec & tokenomics
Pin the economic charter. Emission, vesting, sinks, fee flows. Threat model written before the first contract file.
- 2 Days 5–15
Core contracts
Token, vault, staking, governance. Foundry-first. 100% branch coverage target before we add a single tool.
- 3 Days 15–25
Invariants & fuzz
Stateful fuzzing, invariants, symbolic tests on critical paths. Internal audit passes before we touch testnet.
- 4 Days 25–35
Off-chain & dApp
Subgraph, RPC fallbacks, wallet connect, SIWE auth, a Next.js frontend that doesn't embarrass you.
- 5 Days 35–42
External audit
Scoped review with our audit partners. Findings triaged, fixed, re-tested. Freeze commit for deploy.
- 6 Day 45 +
Launch & watch
Multisig setup, timelock live, Tenderly alerts, Forta bots, runbook. 30-day incident window included.
Definition of Done
- 100% branch coverage
- 0 highs, 0 mediums external
- Gas envelope hit per op
- Multisig + timelock live
- Reorg-safe indexer running
- Incident runbook rehearsed
Packages
Pick your level of ambition.
Spike
Prove the token model first.
10 days
- Tokenomics modeling + threat map
- Versioned spec + acceptance tests
- Reference prototype on testnet
- Go / no-go report + Loom walkthrough
Launch
From whitepaper to audited mainnet.
45 days
- Everything in Spike
- Core contracts + gas tuning
- Invariants + stateful fuzzing
- Indexer + dApp frontend
- External audit + re-review
- 30-day incident window
Guardian
Keep it safe. Forever.
Monthly retainer
- Everything in Launch
- Monthly invariant & fuzz review
- Upgrade & migration review
- On-call during incidents
- SLA on detection & response
Final price depends on contract count, chain(s) & audit scope. Free Spike quote after a 15-min call.
Common concerns
The questions every CTO asks first.
Can you guarantee that the contract is safe?
No one can give 100% guarantee — but we minimize risk to the engineering maximum. Formal verification, fuzzing, static analysis, economic attack simulation, independent audit. Plus kill-switch and monitoring that react in milliseconds.
We already have a smart contract. Can you just audit it?
Yes. We run a standalone audit: static analysis, manual review, attack simulation. You get a report with severity ratings, reproduction steps, and specific fixes. Usually 1-2 weeks depending on contract complexity.
What if the chain we chose turns out to be wrong?
That's why we start with Discovery. We analyze 5+ chains for your use case before writing a single line. If you're already committed, we design modular architecture — swapping chains doesn't mean rewriting everything.
Can we take over maintenance ourselves after launch?
Absolutely. Full source code, infrastructure-as-code, runbook, incident playbook, monitoring configs — everything is yours. We run a knowledge transfer session with your team. Zero vendor lock-in.
Does the gas guarantee cover post-launch upgrades or only the initial deploy?
The gas envelope we quote in the Spec phase covers the in-scope contracts at launch. New features added later get their own envelope under the Guardian retainer — same refund rules apply. Anything outside the original scope is re-quoted, never silently absorbed.
Who controls the multisig keys after handover?
You do. The 3-of-5 Safe is set up with your signers from day one — typically two founders, your CTO, your auditor's reviewer, and one CodeFormers ops signer for the 30-day incident window. After handover we rotate out, leaving you with a 3-of-4 you fully own.
Free tools
Pressure-test your token plan before you call us.
Free calculators and scanners to benchmark where you stand.
Most popular
Team Cost Calculator
Estimate monthly cost of a dedicated development team tailored to your Web3 project.
Tech Stack Advisor
Get a personalized blockchain stack recommendation based on your project requirements.
Project Estimator
Scope your token engagement — contract count, chain mix, audit depth, timeline.
MVP Scope Calculator
Decide what to ship in your first launch and what to defer to Sprint 2.
Tools & stack
The toolbox behind every TOKEN sprint.
SolidityRustHardhatFoundryOpenZeppelinSlitherEchidnaTenderlyethers.jsviemwagmiweb3.pyThe GraphAlchemyQuickNodeChainlinkGnosis SafeTypeScriptNode.jsPostgreSQLRedisDockerTerraformGrafanaSentry
Every project comes with: repository, verified contracts, IaC, runbook, and monitoring configs. Your team takes over at any point — zero vendor lock-in.
FAQ
FAQ: Web3 development, timelines, and security.
- Typically 4-6 weeks for a smart contract + monitoring setup. This includes: architecture & threat model (1 week), development + tests (2 weeks), security audit (1 week), testnet + mainnet deploy (1-2 weeks). Complex multi-chain setups take 8-12 weeks.
- All major EVM chains (Ethereum, Base, Arbitrum, Polygon, Optimism, BSC), Solana, and L2 rollups. During Discovery we analyze which chain best fits your use case — cost, speed, ecosystem, and liquidity.
- Depends on scope: a Discovery sprint starts from €5,000. A full smart contract MVP from €20,000. Complex trading infrastructure from €50,000+. We provide a detailed estimate after the Architecture Call — free, no obligations.
- Yes — MEV-aware execution engines for arbitrage, sniping, DCA, rebalancing. Every bot has backtested strategy, kill-switch, position limits, and 24/7 monitoring. We don't promise returns — we build reliable infrastructure.
- Full audit includes: static analysis (Slither, Mythril), fuzz testing (Echidna), manual line-by-line review, economic attack simulation, and a detailed report with severity ratings, reproduction steps, and specific code fixes. Takes 1-2 weeks depending on complexity.
- Yes. We plug wallet connect, token gating, on-chain payments, or NFT functionality into your existing stack — React, Next.js, mobile. The Web3 layer adapts to your architecture, not the other way around.
Get started
Tell us the feature. We'll tell you the launch plan.
You'll get: risks, architecture, MVP plan. NDA on request. Zero spam.