Category: security-review and audit-readiness infrastructure / public audit-report corpus / multi-VM smart-contract and protocol security firm
Summary: CODESPECT is better cataloged as security-review and audit-readiness infrastructure than as a generic audit boutique. Its official web3-security page, GitHub organization profile, and open audit-preparation-guidelines repository jointly show a reusable operating layer around audits: a SEAL-aligned review methodology, a large and still-growing public audit-report corpus across Solidity, Cairo, Solana, and Move ecosystems, chain-specific audit-preparation guides and checklists, and even an audit-readiness skill for pre-engagement review. That combination makes CODESPECT notable not just for selling audits, but for publishing repeatable security process, public artifacts, and preparation tooling other teams can reuse.
What it does:
Performs smart-contract audits, protocol security reviews, architecture consultancy, and some infrastructure penetration-testing work for blockchain teams
Describes, on its web3-security page, a four-phase review methodology: static analysis, dynamic analysis, manual review, and formal verification
Explicitly aligns its methodology with Security Alliance (SEAL) frameworks and offers formal verification with Halmos and Certora as a premium add-on for higher-risk invariants
Focuses primarily on EVM, Solana, and Starknet engagements, while also advertising additional support for ecosystems such as Sui, Fuel, and Canton/Daml
Publishes a sizeable first-party list of completed reviews through its GitHub organization profile, including many public PDF reports and some non-public engagements
Maintains a public audit-preparation-guidelines repository with general, EVM, Solana, and Starknet prep guides plus chain-specific checklists
Ships an “audit-prep” readiness skill in that repo to score Solidity projects across dimensions such as tests, docs, dependencies, and deployment readiness before an audit starts
Key claims:
The official web3-security page says CODESPECT audits follow a four-phase, SEAL-aligned methodology covering static analysis, dynamic analysis, manual review, and formal verification
The same page says engagements usually take one to five weeks depending on codebase size, and that primary coverage is EVM, Solana, and Starknet with additional Canton/Daml, Fuel, and Sui support
The web3-security page says roughly 80% of exploited vulnerabilities are business-logic flaws that scanners cannot catch
The GitHub organization profile says CODESPECT provides smart contract audits, secure design and architecture consultancy, and tailored cybersecurity solutions for decentralized applications
The GitHub organization profile publishes a long finished-reviews table with public reports for projects such as Redstone Oracles, RemusDex, TokenTable, Swell, Kapan Finance, Hyperwave, BetterBank, Carina, AlphaHYPE, Canopy, Dutch, and Aegis DFF, while also marking some engagements as non-public
The audit-preparation-guidelines repository says protocols often waste audit budget on auditor orientation and that docs and tests matter as much as code for a productive review
The same repository publishes general plus chain-specific preparation guides for EVM, Solana, and Starknet, and includes a reusable pre-audit checklist covering code readiness, documentation, testing, and pre-engagement setup
The repository also advertises an audit-prep skill intended to assess Solidity projects before an engagement begins
Whitepaper: No canonical standalone CODESPECT whitepaper or litepaper surfaced in this pass. The clearest current sources of truth were the official web3-security page, the GitHub organization profile, and the public audit-preparation-guidelines repository; see ../whitepapers/codespect-primary-sources-2026-05-07.md.