Category: web3 security firm / public audit-report infrastructure / security research and auditor-education ecosystem
Summary: QuillAudits is best understood as a blockchain-security platform with a meaningful public audit corpus and education/tooling footprint, not just a smart-contract audit shop. Its official surface combines lifecycle security services, a large first-party GitHub audit-report repository, public exploit research, security-resource repositories, and a structured auditor-learning roadmap.
What it does:
Provides security services spanning design review, threat modeling, smart-contract and protocol audits, operational-security review, and post-audit monitoring
Publishes a large public repository of smart-contract audit reports under the Quillhash GitHub organization
Produces exploit and security-breach research such as its H1 2025 crypto exploits report
Maintains public educational and reference repositories including a smart-contract-auditor roadmap, Solidity attack-vector catalog, and web3-security-tools index
Operates adjacent academy / CTF training surfaces under the QuillAudits brand
Key claims:
The homepage frames QuillAudits as securing protocols across the full lifecycle with design security, AI-driven risk detection, adversarial audits, operational review, and live monitoring, which is a broader operating model than that of a one-off audit vendor
The homepage explicitly highlights design-security advisory work, AI-powered smart-contract vulnerability scanning, a “Vigilant Squad” model with 10-12 independent researchers per audit, and monitoring for signer anomalies, governance proposals, timelock changes, and unusual admin calls
The official GitHub organization describes QuillAudits as a leading smart-contract audit firm and claims 1500+ audited projects, 1M+ lines of code audited, and a public audit-report corpus accepted by 50+ exchanges
The dedicated audit-reports repository positions QuillAudits as maintaining a reusable public-report library rather than publishing occasional marketing PDFs, and it emphasizes manual plus automated review, documentation alignment, gas optimization, and code-quality analysis
The H1 2025 exploits report shows the firm also operates a public research layer: it says H1 2025 losses reached about $2.3B, dominated by access-control and social-engineering failures
The Smart Contract Auditor Roadmap, Solidity Attack Vectors repository, and Web3 Security Tools repository show a persistent first-party education and resource-curation footprint around training auditors and developers
Whitepaper: No canonical standalone QuillAudits whitepaper or litepaper surfaced in this pass. The clearest current sources of truth are the official site, the GitHub organization and audit-report repository, the first-party research pages, and Quillhash educational/resource repositories; see ../whitepapers/quillaudits-primary-sources-2026-05-02.md.