A security audit is an independent review of your codebase or infrastructure to identify vulnerabilities before they can be exploited. If your project handles user data, funds, or any public-facing code, an audit is a critical step before launch and an ongoing part of maintaining trust with users and partners.
A Curated Audit is a private, invite-only review performed by a small, handpicked team selected for your project's tech stack — ideal when confidentiality matters most. A Crowdsourced Audit opens your code to a much larger community of verified researchers competing to find vulnerabilities, offering broader coverage through diverse perspectives.
Traditional Crowdsourced Audit commits a fixed budget upfront, distributed across findings by severity. Conditional Crowdsourced Audit lets you pay only per severity level as valid findings are confirmed, with a 100% refundable deposit if the audit comes back clean.
Cost depends on the format, the size of your codebase, and the scope of the review. Curated Audits are priced as a fixed project fee agreed upon upfront. Crowdsourced Audits are priced per valid finding by severity. Pricing details are provided after an initial scoping call.
Most audits are completed within 1 to 4 weeks, depending on the size and complexity of your codebase. You'll receive a specific timeline estimate after the scoping stage.
All researchers on HackenProof undergo KYC verification. For Curated Audits, researchers are additionally handpicked based on track record and demonstrated expertise in your specific technology stack. For Crowdsourced Audits, we can set a minimum point threshold to ensure that only researchers with a proven track record are eligible to submit reports.
For Curated Audits, yes — researchers operate under an NDA, and nothing is made public until you choose to share it. Crowdsourced Audits are open-contest formats by design, so confidentiality works differently; ask our team if this is a requirement for your project.
A comprehensive final report detailing all confirmed findings, their severity, and recommended remediation steps. Curated Audit clients also get access to findings from Day 1, rather than waiting for the final report.
It depends on your priorities — confidentiality, budget structure, and coverage. Use the comparison table above, or schedule a call with our team, and we'll help you choose based on your project's specific needs.