Make Security Your Strength

For most, security is a blind spot. It doesn't have to be that way.

That's why we offer audits, trainings, and consulting services backed by deep-dive security research.

Distinguish your business through best-in-class security and peace of mind for you and your customers.

Highest level of services in the industry.

Security Research

Dedicated to staying ahead of the rapidly evolving threat landscape, we conduct cutting-edge IT security research.

Trainings

Learn the skills you need to protect your business from cyber threats with our comprehensive IT security training.

Pentests

Keep your systems secure with our experienced pentesting team; we'll help you find the vulnerabilities you never knew existed.

Smart Contract Audits

Our team is known for finding many critical vulnerabilities in smart contracts. Get your contracts audited by our experts with a proven track record.

Testimonials

What our clients say

“Neodyme’s auditing, research and trainings keep everyone in the Solana ecosystem safer. The team at Neodyme has distinguished themselves with their attention to every aspect of smart contract security on Solana based on their experience with the core protocol going back to its early days.”

Anatoly Yakovenko
CEO of Solana Labs

“Neodyme is a young team with a lot of attention for detail. You can see their CTF background play well into their work as auditors. For them it’s a (nearly athletic) challenge, their motivation to find as many bugs as they can, in the shortest time possible is incredibly high. From all auditing firms I know of, they have the longest and deepest experience working with the Solana validator client and various dapps, including Mango.”

Maximilian Schneider
Co-Founder of Mango Markets

“The Neodyme training was a great experience for my team and me. The trainer Ruben manages seemingly effortlessly to convey even complex content in an exciting way, to respond to the different backgrounds of his participants and thus to create an informal learning atmosphere that stays with us even after the course.”

Rebecca von Fehrentheil
Information Security Manager at Uniklinik Bonn

“The collaboration with Neodyme is always professional and uncomplicated. We appreciate the fast communication channels and efficient processes. The employees are competent and distinguish themselves through high creativity. Here you also think outside the box!”

Moritz Prinz
Partner at TNG Technology Consulting

Find more content in our Blog

Our blog features posts from the world of cybersecurity, reverse engineering, research projects, solana and other blockchains, cryptography, and much more. If you're a developer, a security professional, or just an interested person, we are sure you will find something exciting to read! Here are some of our favorite posts to get you started!

CS:GO: From Zero to 0-day

We identified three independent remote code execution (RCE) vulnerabilities in the popular Counter-Strike: Global Offensive game. Each vulnerability can be triggered when the game client connects to our malicious python CS:GO server. This post details our journey through the CS:GO binary and conducts a technical deep dive into various identified bugs. We conclude by presenting a proof of concept (POC) exploit that leverages four different logic bugs into remote code execution in the game’s client, triggered when a client connects to the server.

Why Auditing the Code is Not Enough: A Discussion on Solana Upgrade Authorities

Recently, there’s been a lot of buzz around a DAO vote of Solend – one of Solana’s largest lending projects. It seeks to enact restrictions on large positions, and to temporarily take control of an existing user’s position in order to liquidate it in a controlled fashion. This can be done by upgrading the smart contract’s code.

But wait! Aren’t smart-contracts supposed to be immutable?

Only in a perfect world. No code is perfect and smart contracts aren’t either, so it can be necessary to change or fix them. This is called a program upgrade.

In this post, we’ll give an overview of one of the most fundamental and yet somehow often-overlooked aspects of the security of a smart contract, namely: Who has the power to initiate program upgrades? How can users be sure that the developers don’t make undesired changes? Or even worse, just run off with their money?

How a Little-Known Solana Feature Made Program Vaults Unsafe - Exploring Solana Core Part 1

Over the past year and a half, we have spent a lot of time looking at the Solana core code, reporting over 80 bugs of varying severity. This blog post is the first in a series detailing the most interesting vulnerabilities we found and reported in Solana core, hopefully inspiring more whitehats to keep the ecosystem safe. All bugs presented here were responsibly disclosed under the Solana bug bounty program and are now fixed.

Solana Smart Contracts: Common Pitfalls and How to Avoid Them

In this post, we want to raise awareness about the five most common vulnerabilities in Solana contracts that we keep finding during our audits. We’ll keep the vulnerability descriptions short and concise and provide a simplified example as well as a TL;DR for each vulnerability so that you can easily reference them while coding.

Make security your strength.
Ready to take the next step?

Solve your auditing, pentesting, training, consultation, or general security needs today. Our experts will help you turn a weakness into a strength.