This sector deep-dive is currently available in Portuguese only. Full English translation is in progress.

/servicos · Pentest Smart Contracts

Pentest Smart Contracts: Solidity, Foundry, Slither

Auditoria de smart contract Solidity/Vyper — reentrância, integer over/underflow, oracle manipulation, access control, MEV, flash loan attack.

Auditar smart contract See vectors

90% manual · 10% automated

OSCP · CISSP · CRTO · GPEN

BR · PT · IT · ES · MA · US · AU

OWASP · MITRE · PTES · NIST

Why now

The real pain

Protocolo DeFi vaza milhões/hora quando smart contract tem bug. Pre-mainnet audit é higiene mínima. Pós-deployment, monitoring de exploit e governance attack é contínuo.

Applicable frameworks

EEA Smart Contract SecurityOpenZeppelin PatternsSWC RegistrySolidity Best Practices

/attack-surface

Pentest Smart Contracts

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

Reentrância (SWC-107)

Cross-function, cross-contract, read-only reentrancy via view function.

Integer over/underflow (SWC-101)

Solidity <0.8 sem SafeMath, custom math sem checked-arithmetic.

Access control (SWC-105/106)

Função pública sem modifier, owner mal definido, multisig fragility.

Oracle manipulation

Spot price manipulation, flash loan + oracle, TWAP gaming.

MEV e front-running

Sandwich attack, generalized front-running, time bandit.

Governance attack

Token holder vote manipulation, proposal injection, timelock bypass.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Auditoria pré-mainnet para protocolos DeFi e NFT em redes Ethereum, Polygon e L2s.

Caixa Econômica Federal

Banco BMG

iFood

ArcelorMittal

Multibanco

Polícia Federal

Fórmula 1

OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Pentest Smart Contracts

Vocês usam Slither + Mythril + Foundry?

Sim como insumo — depois auditoria manual linha-a-linha por dois auditores Solidity sêniors com cross-review.

Faixa de preço?

Smart contract simples (até 500 LoC): R$ 15-40k. Protocolo DeFi (5k+ LoC): R$ 50-180k. Auditoria contínua de upgrade: R$ 8-25k/mês.

/contact

Auditar smart contract

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.

Talk to us See other sectors

Other sectors we cover

/pentest-mobile

Pentest Mobile

/pentest-api

Pentest de API

/red-team

Red Team

/pentest-cloud-aws

Pentest AWS

/pentest-cloud-gcp

Pentest Google Cloud

/pentest-cloud-azure