
Security That Powers the World’s Open Financial System

From smart contracts to infrastructure and digital assets, OpenZeppelin protects the foundations of onchain finance and blockchain innovation.

    /// @inheritdoc IPoolManager
    function donate(PoolKey memory key, uint256 amount0, uint256 amount1, bytes calldata hookData)
        external
        override
        onlyWhenUnlocked
        returns (BalanceDelta delta)
    {
        Pool.State storage pool = _getPool(key.toId());
        pool.checkPoolInitialized();

        key.hooks.beforeDonate(key, amount0, amount1, hookData);

        delta = pool.donate(amount0, amount1);

        _accountPoolBalanceDelta(key, delta, msg.sender);

        key.hooks.afterDonate(key, amount0, amount1, hookData);
    }

    /// @inheritdoc IPoolManager
    function sync(Currency currency) public returns (uint256 balance) {
        balance = currency.balanceOfSelf();
        currency.setReserves(balance);
    }

    /// @inheritdoc IPoolManager
    function take(Currency currency, address to, uint256 amount) external override onlyWhenUnlocked {
        unchecked {
            // negation must be safe as amount is not negative
            _accountDelta(currency, -(amount.toInt128()), msg.sender);
            currency.transfer(to, amount);
        }
    }

    /// @inheritdoc IPoolManager
    function settle(Currency currency) external payable override onlyWhenUnlocked returns (uint256 paid) {
        if (currency.isNative()) {
            paid = msg.value;
        } else {
            if (msg.value > 0) NonZeroNativeValue.selector.revertWith();

            uint256 reservesBefore = currency.getReserves();
            uint256 reservesNow = sync(currency);
            paid = reservesNow - reservesBefore;
        }

        _accountDelta(currency, paid.toInt128(), msg.sender);
    }

Critical 01 : L281-290
ERC-20 Representation of Native Currency Can Be Used to Drain Native Currency Pools

More than $250 billion in Total Value Secured

More than 10000 Total Issues Uncovered

More than 700 Critical & High Vulnerabilities Uncovered

Trusted by the world’s leading projects

Uniswap
ANZ
Coinbase
Aave
Ethereum Foundation
Lens Protocol
Polkadot

Core Security Audits

Industry-leading code reviews and vulnerability assessments

Smart Contract Security Audit

Secure your onchain application code with the gold-standard smart contract audit. Our security researchers conduct a line-by-line review to identify vulnerabilities, logic flaws, and upgrade risks before deployment. Trusted since 2017 as the first smart contract auditing firm.


Solana Program Security Audit

Secure your Solana programs with deep, Rust-based code analysis. Our researchers uncover runtime vulnerabilities, logic errors, and unsafe patterns unique to the Solana execution model, providing actionable recommendations to strengthen resilience before mainnet deployment.


Zero-Knowledge Proof Audit

Ensure the correctness and soundness of your ZK systems. Our cryptographers review circuits, verifiers, and proofs for implementation accuracy, efficiency, and security across zkEVMs, provers, and privacy protocols.


Blockchain Infrastructure Audit

Validate the integrity and reliability of your blockchain infrastructure. We assess consensus mechanisms, node software, bridges, and rollup components to identify design flaws and implementation risks across complex architectures like OP Stack, Geth, and Cosmos SDK.


“Collaborating with OpenZeppelin on our security audit was a productive and positive experience. We appreciated their thoroughness and attention to detail.”

Yoav Weiss

Security, Ethereum Foundation

Deployment Readiness & Verification

Prepare for launch and verify production deployments

Pull Request Reviews

Maintain continuous security as you ship new updates. Pull requests are reviewed between releases to identify new risks and ensure every change preserves audit-level quality.


Deployment Verification

Collaborative design and research with your protocol team. Verify that what you deploy matches what was audited. Deployed bytecode, parameters, and configurations are validated to guarantee production alignment and prevent post-audit drift.


Risk Assessment & Operational Security

Minimize risks and strengthen operational controls

Digital Asset Risk Assessment (DARA)

Evaluate stablecoins, tokenized assets, and digital securities with institutional-grade risk analysis. DARA assesses blockchain infrastructure, smart contract security, collateral quality, and operational controls—delivering standardized A-F ratings to support listing, custody, investment, and compliance decisions.


Blockchain Operational Security Service (BOSS)

Assess and strengthen the operational layer behind your smart contracts. We evaluate key management, deployment workflows, upgrade governance, and access controls—then deliver targeted training to close gaps and build lasting security discipline across your team.


Penetration Testing

Test your systems under real-world attack conditions. Simulated attacks target your applications, APIs, backends, and networks to identify exploitable weaknesses before attackers find them. Receive a prioritized remediation roadmap with actionable steps to harden your security posture.


"The cryptographers at OpenZeppelin are extremely proficient. We designed a modification that was not easy to grasp, and it was understood quite quickly and thoroughly. The discussions led to some upgrades not only in the Solidity code but in gnark-crypto and gnark, especially KZG-related operations."

Thomas Piellard

Applied Cryptographer, Linea

Strategic Advisory & Training

Embed security expertise throughout your development lifecycle

Design Reviews

Validate your system architecture early to prevent costly vulnerabilities later. Early-stage reviews of design diagrams, data flows, and upgrade mechanisms identify architectural weaknesses and improve security modularity before implementation—reducing reworks and accelerating audit readiness.


Blockchain Development & Security Training

Build institutional blockchain expertise from the ground up. Tailored workshops cover blockchain fundamentals, smart contract security, tokenization frameworks, and operational risk management—equipping your teams with the knowledge to launch compliant, production-grade digital asset solutions confidently.


Applied Research

Collaborate with OpenZeppelin’s researchers to validate new mechanisms and architectures. We model your system under adversarial conditions, applying formal and empirical methods to ensure correctness, efficiency, and resilience at scale.


Incident Response & Emergency Training

Collaborate with OpenZeppelin’s researchers to validate new mechanisms and architectures. We model your system under adversarial conditions, applying formal and empirical methods to ensure correctness, efficiency, and resilience at scale.


Enterprise-Grade Compliance & Certifications

OpenZeppelin meets the highest standards of security and operational integrity, with frameworks designed for institutional adoption.

Need a Custom Security Engagement?

If you’re exploring a security need not listed here — from protocol-specific research to enterprise integrations — our team can help.
