CD Security
- Name: CD Security
- URL: https://cdsecurity.io/
- Category: security-review infrastructure / public audit-report portfolio / audit-readiness tooling / boutique web3 security firm
- Summary: CD Security is a small audit shop with a public report archive and a concrete pre-audit readiness workflow. Useful process note, still a boutique firm rather than a category anchor.
- What it does:
- Performs smart-contract security reviews for web3 projects, emphasizing manual review, targeted fuzzing, protocol-aware testing, and actionable remediation
- Specializes across Solidity, Rust, Move, Cairo, and TypeScript according to the official about page
- Positions itself as a small, senior-heavy firm founded by two independent auditors and staffed through a pool of experienced auditors with verified public track records
- Maintains a public GitHub audit-portfolio repository with many linked PDF reports across DeFi, bridges, staking, RWAs, insurance, and other protocol categories
- Publishes practical pre-audit guidance covering internal audits, multiple external audits before launch, documentation expectations, and incident-response planning
- Ships an `audit-prep` skill that runs an eight-phase readiness check for Foundry and Hardhat projects, scoring areas such as coverage, docs, hygiene, dependencies, deployment, and project context
- Key claims:
- The homepage says CD Security aims to stop multi-million-dollar breaches by uncovering vulnerabilities in protocol code before attackers do
- The about page says the firm was founded in 2023 by two independent auditors, Chris and Dimitar, and was intentionally built to stay small, sharp, and focused rather than become a large VC-backed shop
- The about page says CD Security provides manual code review, targeted fuzzing, and protocol-aware testing across Solidity, Rust, Move, Cairo, and TypeScript
- The about page says the firm has completed 100+ audits and works with a pool of experienced auditors where every auditor has 100+ public findings
- The GitHub audit-portfolio repository publishes many public PDF reports for projects such as Euler, Dexlyn, Beezie, Chateau Capital, and others, showing a consent-based public report archive rather than a purely private services model
- The security-preparation blog says the bare-minimum launch baseline should include one internal audit, two external audits before launch, and new audits after every code change before deployment
- The `audit-prep` README says the tool runs an eight-phase automated readiness check and supports both Foundry and Hardhat projects
- Whitepaper: No canonical standalone CD Security whitepaper or litepaper surfaced in this pass. The clearest current sources of truth were the official homepage and about page, the public GitHub audit portfolio, the security-preparation guide, and the `audit-prep` skill README; see ../whitepapers/cd-security-primary-sources-2026-05-07.md.
- Sources:
- https://cdsecurity.io/
- https://cdsecurity.io/about
- https://cdsecurity.io/blog/how-to-actually-prepare-web3-project-for-security-audits
- https://github.com/CDSecurity/audits
- https://raw.githubusercontent.com/CDSecurity/audits/main/README.md
- https://github.com/CDSecurity/cdsecurity-skills/tree/main/audit-prep
- https://raw.githubusercontent.com/CDSecurity/cdsecurity-skills/main/audit-prep/README.md
Internal linkages
- Keep this one short and upward.
- Best comparisons: certora, chainsecurity, and trail-of-bits.
- Last reviewed: 2026-05-29 UTC