CodeAudits..com
Home / FAQ

Questions investors ask before an audit.

If something you need isn't covered here, the fastest path is to send us the scope and ask directly.

What do you need from us to start?

The contract source code — ideally a repository link or the specific files and commit you want reviewed — plus any documentation, tests, and a short note on what the contracts are meant to do. The clearer the intended behavior, the sharper we can be about where the code diverges from it.

What kinds of contracts do you review?

Solidity smart contracts and EVM-based systems: tokens, vaults, staking, governance, and the contracts behind decentralized applications. If you're unsure whether a particular system fits, send the scope and we'll tell you plainly.

How long does a review take?

It depends on the size and complexity of the codebase and the depth of review required. Once we see the scope, we'll give you a realistic timeline before any work begins — we'd rather set an honest estimate than a convenient one.

Is our code and project kept confidential?

Yes. We treat all project materials and findings as confidential and review code privately. If you need a formal confidentiality agreement in place before sharing, we can work with that.

How are findings rated?

Each finding is classified as Critical, High, Medium, or Low based on its potential impact on users, assets, and protocol operations. The report leads with that breakdown so you know what to resolve first. The full scale is described on the Services page.

Do you re-review code after we fix the issues?

Yes. After remediation, we can conduct a follow-up review to verify that the identified issues have actually been addressed and that the fixes didn't introduce new problems. The goal is for you to rely on the corrected code, not the intention to correct it.

Does an audit guarantee the contracts are safe?

No — and we won't claim otherwise. A security review meaningfully reduces risk by surfacing vulnerabilities and deviations from best practice within the reviewed scope, but no audit can prove the absence of every flaw. We're explicit about what was reviewed and what an audit can and cannot establish.

Is this investment advice?

No. We provide a technical security assessment of the code. We don't advise on whether to invest, and our review is not an endorsement of any project. The findings are one input into your own diligence and decision.

How do we get a quote?

Send us the contracts and a short description of what you're evaluating through the request form. We'll review the scope and respond to discuss approach, timing, and next steps.

Still have a question? Ask it with the scope attached.

Request an audit

CodeAudits provides independent security reviews of smart contract source code. An audit reduces, but does not eliminate, the risk of vulnerabilities or loss, and is not investment advice, a guarantee of safety, or an endorsement of any project. Findings reflect the code and scope reviewed at a point in time. Investors should conduct their own diligence before committing capital.