Category: smart-contract security firm / dual-team audit-and-fuzzing infrastructure / public audit-report archive / security education community
Summary: Guardian Audits is better cataloged as security-distribution infrastructure than as a generic audit boutique. Its official site makes a strong methodological claim around two independent review teams, invariant-led smart-contract fuzzing, and thorough remediation review; its public GitHub organization and audit repository preserve a large corpus of public reports across major DeFi and infrastructure projects; and its Solidity Lab community extends the firm into public security education. That combination makes Guardian look like a reusable audit, testing, and knowledge layer rather than only a closed-door services vendor.
What it does:
Performs smart-contract audits for DeFi, NFT, and infrastructure teams with an explicitly multi-phase review and remediation process
Uses a two-team review model in which separate security researchers independently review the same codebase
Builds stateful fuzzing and invariant-testing suites as a core part of engagements rather than treating fuzzing as an optional add-on
Re-audits remediations and re-runs fuzzing during a dedicated remediation review window before finalizing the report
Maintains a large public GitHub audit archive spanning protocols such as GMX, Baseline Markets, Ethena, Dolomite, Foil, Gamma Strategies, Synthetix-adjacent systems, and many others
Operates Solidity Lab, a public learning community and knowledge base around Solidity attack vectors, common bugs, and auditor education
Key claims:
The homepage says Guardian uses “Two teams of elite Guardian Security Researchers” performing independent reviews on the same smart contracts
The homepage says every engagement includes a comprehensive stateful fuzzing suite and presents this as the way Guardian finds vulnerabilities “invisible to the naked eye”
The homepage says all remediations are reviewed by both teams independently and fuzzed thoroughly to ensure issues are fully patched and no new issues arise
The homepage says Guardian offers both flat-cost and pay-per-vulnerability pricing and officially recommends an additional independent security review when a client still has five or more High/Critical issues
The homepage FAQ says security reviews performed by Guardian are publicly posted on the Guardian GitHub, though some may remain confidential
The official case-studies page shows named public work across Synthetix LP Vault, USDT0, Yuga Labs, Synthetix, Poolshark, GMX, Orderly, Umami, Dolomite, and MIMSwap
The official blog post on why audited teams still get hacked says Guardian uses a two-team cross-checking audit model and treats invariant testing / smart-contract fuzzing as a key security layer to reduce human error
The public GitHub organization describes itself as “Institutional Grade Smart Contract Security,” and a shallow clone of the pinned GuardianAudits/Audits repository in this pass surfaced roughly 150 public PDF reports across many top-level project folders
The public Solidity Lab repository says the community exists to help developers and auditors learn Solidity security through an encyclopedia of attack vectors and bugs, the Auditor’s Handbook, practice audits, and shadow-audit opportunities
Whitepaper: No canonical standalone Guardian Audits whitepaper or litepaper surfaced in this pass. The clearest current sources of truth were the official site, case-studies page, public GitHub organization and audit repository, the invariant-testing blog post, and the Solidity Lab repository; see ../whitepapers/guardian-audits-primary-sources-2026-05-07.md.