Summary: Oxorio is better cataloged as public security-review infrastructure than as a narrow audit boutique. In this pass, the clearest first-party evidence came from the official site, the smart-contract-audits page, the public-audits repository, and Oxorio’s own annual security-report post. Together, those materials show a firm that not only performs manual reviews across Solidity, Cairo, Rust, and Vyper stacks, but also maintains a consent-based public audit corpus, ships interactive web reports instead of relying only on PDFs, and publishes first-party analysis of ecosystem security trends.
What it does:
Performs smart-contract audits, code reviews, pre-audits, subscription audits, penetration testing, formal verification, and zero-knowledge-oriented security work
Maintains a public audit-report portfolio with downloadable PDFs and interactive web reports for client-approved engagements
Positions its audit practice as covering off-chain infrastructure, deployment scripts, contract updates, and adjacent modules rather than only isolated Solidity code
Publishes annual or thematic research summarizing vulnerability counts, reviewed code volume, and macro security trends observed across audited projects
Uses an interactive reporting system that exposes finding severity, code location, and remediation status in a web-native format
Key claims:
The homepage says Oxorio provides smart-contract audits and security solutions, and lists services including code review, penetration testing, incident reports, formal verification, and zero-knowledge solutions
The homepage presents cumulative metrics including more than 103k non-comment lines audited, 1,174 total issues identified, and more than $25B in total value locked across audited projects
The smart-contract-audits page says Oxorio audits Solidity, Cairo, Rust, and Vyper systems, covers Layer 2, zero-knowledge, and EVM-based solutions, and differentiates among code review, pre-audit, full audit, and subscription-audit offerings
The same page says Oxorio’s audits go beyond immediate scope to include interactions with other modules and systems, deployment scripts, contract updates, and off-chain infrastructure, and says clients receive interim reports every 1–2 weeks
The public-audits repository says Oxorio is a blockchain security firm specializing in smart contracts, zk solutions, and security consulting, and notes that all public reports are published with client consent
That repository exposes a substantial public report corpus spanning projects such as Lido, Aave, Privacy Pools, WisdomTree, Altitude, and others, often with both PDF and interactive web-report links
Oxorio’s 2023 security report says the team audited 46,764 lines of code, identified 529 vulnerabilities, and used the resulting dataset to summarize emerging industry security trends such as rollups, liquid staking, and the rising need for formal verification and pentesting
Whitepaper: No canonical standalone Oxorio whitepaper or litepaper surfaced in this pass. The clearest current sources of truth were the official site, the smart-contract-audits page, the public-audits repository, and Oxorio’s annual security-report post; see ../whitepapers/oxorio-primary-sources-2026-05-04.md.