Smart Contract Audit Cost

May 22, 2020
Quantstamp Announcements

With over 120 audits conducted and over 2 billion USD worth of digital assets secured since we were founded in 2017, Quantstamp is a leader in smart contract security and development. The purpose of this post is to explain the audit pricing process for our potential clients. Many factors contribute to the cost of a smart contract audit including, but not limited to:

When you complete an audit, you receive an official certificate.

Complexity

The complexity of an audit influences its cost. An example of a low-cost audit is a token that strictly follows the ERC20 standard. The ERC20 token standard is one of the earliest design patterns in Ethereum smart contract development and is well understood at this point.

As the complexity of an audit increases, it requires more engineering hours, and therefore will lead to a higher audit cost. For example, a DeFi project that interoperates with several different DeFi smart contracts in patterns that have not been utilized before will require more time than an ERC20 audit.

Having clear documentation can also reduce the complexity of an audit. Sometimes, Quantstamp audits projects that have little to no documentation. This requires more time for our auditors to understand these systems and therefore puts upward pressure on the cost.

Timeline

If a client requires smart contracts to be audited within a short timeline, they will be expected to pay a premium. The amount of time it takes to adequately audit a project varies based on complexity, so make sure to contact Quantstamp early in order to factor audit time into your development cycle.

Quote and Audit Process

In order to receive a quote, visit our audits page, click on the `Request a Security Audit` button, and fill out the required information. A Quantstamp business representative will contact you and then schedule a meeting between you, a lead auditor, and the business representative. After receiving all necessary documentation and artifacts, Quantstamp will assess the workload and provide a quote containing the cost of your audit. 

Once accepted, 3 - 4 of our auditors will:

After these steps are complete, an initial report identifying vulnerabilities and other security information will be created and sent to your team. At this point, your audit is still not complete: your team will need to review the findings and send Quantstamp the fixes. Quantstamp will also review these fixes and then send you a final report once all findings and fixes are addressed. 

Throughout the audit process, Quantstamp auditors and client developers will have open lines of communication.


The Certificate

After your audit is complete, you will receive a certificate such as the ones listed below. This certificate can be used to prove to your users that an official audit was conducted by Quantstamp.
