Web3-Focused Infrastructure Audits

Our web3 infrastructure audits are complementary to ISO 27001 and SOC v2
A web3-focused security check of your project’s infrastructure using both automated and manual assessment techniques
Web3 infrastructure audits are relevant for node operators as well as L2s, oracles, bridges, and other projects with off-chain components.
The Quantstamp infrastructure audit is mandatory to obtain the Verified Staking Provider (VSP) Pro status on the Staking Rewards website and stand out in front of hundreds of other node operators
Solution for Infrastructure
Most web3 projects require substantial infrastructure to deliver a high level of performance to their users. Whether that infrastructure is cloud-based, on-premise, or a hybrid model, there is always a risk of external hacks and configuration errors that could lead to serious consequences. These consequences include slashing for proof-of-stake node operators, downtime and external hacks for L2s and oracles, off-chain components for DApps and protocols, and more. Many mature projects opt to get an ISO 27001 or SOC v2 audit; however, vulnerabilities often remain overlooked because these certifications do not check any web3-specific configurations or protections.
Web3 Infrastructure Audits
Quantstamp has partnered with industry leaders such as CoGuard to take infrastructure scans to the next level. Our team of security researchers has developed a proprietary set of web3-specific checks and best practices exclusive to Quantstamp.

We are excited to add web3 infrastructure audits to our suite of services, a reflection of our commitment to securing the often-overlooked web2 aspects of web3 projects. These audits are often referred to as white-box penetration tests (pentests) of the network infrastructure, as they aim to prevent external hackers from gaining access to the internal network of your project’s core systems.

With a mission to secure the future of web3, we’re proud to launch a service that will benefit the entire web3 ecosystem by protecting projects against external attacks and node operators against slashings.
Leading projects that have undergone a Quantstamp infrastructure audit:
Ready to protect your infrastructure against configuration errors and external attacks?