Category: smart-contract security firm / public audit-report corpus / audit methodology and checklist publisher / multichain security research infrastructure
Summary: Oak Security is better cataloged as multichain security infrastructure than as a narrow audit boutique. In this pass, the strongest first-party evidence came from the official site, the Oak GitHub organization, the public audit-reports repository, and the separate public resources repository. Taken together, those materials show a team that not only sells audits, but also maintains a large public audit corpus, classifies reports across many crypto stacks, publishes practical audit checklists and educational resources, and turns its incident and audit experience into reusable security knowledge for builders.
What it does:
Performs blockchain and smart-contract security audits, penetration testing, training, and advisory work across a wide range of crypto systems
Maintains a first-party public repository of completed audit reports released as PDFs once Oak and the client agree the audit is complete and findings are addressed
Organizes its public audit corpus by tech stack, including EVM, CosmWasm, Cosmos SDK, bridges, Polkadot/Substrate, Soroban/Stellar, Gno, Rust, ZK systems, rollups, Flow, Solana, Move, and offchain TypeScript systems
Publishes a separate public resources repository with audit-preparation material, methodology explainers, conference talks, incident-analysis posts, and security checklists
Positions itself as a research-heavy security team with expertise spanning cryptography, computer science, economics, engineering, and finance
Key claims:
The official site says Oak Security offers audits, penetration testing, training, and advisory, and highlights “600+” completed engagements plus a “View published reports” call to action
The GitHub organization description says Oak focuses on security auditing and cyber-security advisory services with special focus on third-generation blockchains
The audit-reports README says Oak has completed 600+ security audits across the Web3 ecosystem, covering DeFi, Layer 2 infrastructure, cross-chain bridges, privacy systems, and more
The same README shows Oak treating public reporting as structured infrastructure rather than a loose PDF dump: reports are grouped by concrete stack categories such as EVM, CosmWasm, Cosmos SDK, bridges, ZK systems, Solana, Move, and rollups
The resources README shows Oak publishing more than marketing collateral: it links a multi-layered audit-methodology explainer, “what is an audit?” material, Ethereum and CosmWasm audit checklists, ecosystem-specific conference talks, vulnerability spotlights, and incident writeups
Across the first-party materials, Oak looks less like a generic consultancy and more like a reusable security knowledge layer built around public reports, checklists, and incident-derived educational output
Whitepaper: No canonical standalone Oak Security whitepaper or litepaper surfaced in this pass. The clearest current sources of truth were the official site, the Oak GitHub organization, the public audit-report corpus, and the public resources repository; see ../whitepapers/oak-security-primary-sources-2026-05-03.md.