“Perfection is not attainable, but if we chase perfection we can catch excellence.”
-Vince Lombardi
Unveiling Enigma Dark
Enigma Dark is composed of an elite group of researchers where everyone is an absolute specialist in a different niche skill, complementing the overall guild. We are cryptographers, fuzzing and formal verification engineers, elite white hats, and auditors.
Enigma’s mission:
Our mission is to establish a new way of doing security in the web3 space. Everyone focuses on audits and tooling, while the main problems are:
How the smart contracts are developed. If the protocol is designed incorrectly from the start, you can go through any number of audits but will very likely still stumble upon nasty issues once you're finished.
Bad choices when selecting an auditing company, either because development teams are pressured by investors or they don’t understand that their code is audited by individuals in a company, not the company itself. If you don’t know anything about who is auditing your code, chances are that’s not the best fit.
Inadequate testing of the protocol before auditing or inefficient testing methods.
Lack of fuzzing and other advanced forms of testing.
Overspending on audits because early mistakes left the protocol in a weak security state.
Underspending on security because you got an audit from a marketing firm that raised 1 issue, leaving you with a false sense of confidence while the code remains problematic.
Critical mistakes on deployments due to lack of review of deployment scripts.
At Enigma Dark, we tackle all of these mistakes by working closely with protocols, not just by auditing their code, but by handling and addressing all their security concerns.
There are two main products that differentiate us from any other firm:
360 security advisory:
Smart contract security is incredibly complex and novel. Most developer teams are not familiar with it, so the standard procedure is to
develop -> unit test -> go for an audit -> deploy
This approach is fundamentally flawed and leaves significant security gaps. With our experience and expertise, we guide protocols to achieve the absolute pinnacle of security practices.
We help with the overall structure, such as setting up CI/CDs, architecting the protocol securely, encouraging teams to use effective testing techniques (BTT), advising on specific spots where the testing needs to be hardened, developing a whole invariant suite, fully auditing your codebase, structuring other rounds of audits with other independent researchers or public audits, breaking down your bug bounty program, and setting up on-chain monitoring solutions.
We help with the entire process, elevating your protocol's security to the next level.
Elite level fuzzing (fuzzing on steroids):
Enigma stands above any other company that provides fuzzing because we have Victor Martínez, an amazing fuzzing engineer and a great auditor. Most researchers offering fuzzing engagements are not actually auditors, which reduces the overall engagement performance due to the creation of basic invariants and a lack of a "breaking-things" mindset.
Our 3 main services:
Manual Security Reviews (Audits): Our researchers conduct an exhaustive manual review of the smart contract code. This process involves carefully examining every line of code to detect potential vulnerabilities. The number of researchers assigned varies based on the complexity, size, and type of protocol, with a minimum of 2 researchers dedicated to each audit.
Invariant testing (fuzzing): Our engineers work closely with your team and our researchers to identify key invariants from your codebase and test them using tooling like Echidna and Medusa. Our Co-Founder and Lead Security Researcher, Victor, has an impressive track record building the best fuzzing suites in the world for protocols like Euler, Tapioca DAO and Maple.
360 security advisory: This is the full security package, and it is how our Co-Founder and Lead Security Researcher, 0xWeiss, has brought protocols from a very weak security state to a secure and battle-tested pre-deployment codebase. Leveraging our years of experience in the industry, our contacts and knowledge, we familiarize ourselves with your protocol's code and elevate it to the highest security standards. We demystify the state of the codebase and design the security pipeline that the protocol needs.
Audits, invariants, bug bounties, testing, development practices, new hires, on-chain monitoring: we help with everything to get your protocol to the security hall of fame.
If you want to work with our team, reach out and tell us about your project.
-Enigma Dark
Securing the shadows