Hashlock-Auditing/hashlock-audits
GitHub: Hashlock-Auditing/hashlock-audits
A public repository of Web3 security audit reports, provided as a reference and learning resource for smart contract auditing.
# Hashlock Security Audits
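## What Hashlock Does
Hashlock secures the Web3 ecosystem through manual smart contract audits, tokenomics reviews, penetration testing, bug bounty operations, and ongoing security advisory. We are **chain-agnostic with deep multi-chain expertise**. We audit any blockchain and any smart contract language, and our public portfolio includes hundreds of engagements across Ethereum, Solana, Polkadot, Cosmos, Aptos, Sui, Starknet, Bitcoin, zero-knowledge circuits, and many other ecosystems, including emerging Layer 1s on request. Our auditors come from competitive security backgrounds, with proven results in public security competitions and bug bounty programs.
## Notable Clients
🚀 **Recent and notable engagements**. Well-known names in the Web3 industry:
[**Rocket Pool**](./clients/rocket-pool/) (Ethereum liquid staking) ·
[**1inch**](./clients/1inch/) (DeFi aggregation) ·
[**SushiSwap**](./clients/sushi-swap/) (multi-chain DEX) ·
[**Gala**](./clients/gala/) (Web3 gaming) ·
[**P2P**](./clients/p2p/) (institutional-grade staking) ·
[**Vana**](./clients/vana/) (user-owned AI data) ·
[**EigenLayer**](./clients/eigenlayer-contest/) (restaking) ·
[**Energy Web**](./clients/energy-web/) (Polkadot infrastructure) ·
[**Manifest**](./clients/manifest/) (Cosmos appchain) ·
[**Spicenet**](./clients/spicenet/) (Solana DeFi infrastructure)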
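## What's in This Repository
Hundreds of security audit engagements conducted by Hashlock across Web3. We are **chain-agnostic with deep multi-chain expertise**. Our portfolio covers smart contracts, blockchain protocols, dApps, and infrastructure in every major ecosystem we have worked with to date, including **Ethereum, Solana, Avalanche, BNB Chain, Polygon, Arbitrum, Base, Berachain, Cosmos, Polkadot, Starknet, Sui, Aptos, Near, Kadena, Stacks, Bitcoin**, and more. If your chain is not listed, we audit it too.
Each client folder contains:
- 📄 **Public engagements**: the full audit report PDF with findings, severity ratings, and remediation status
- 🔒 **NDA engagements**: confirmation of the audit under the client's non-disclosure agreement
**Legend:** 🛡️ Hashlocked tier · 🐛 Active bug bounty program · _NDA_ Full report confidential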
## Browse the Portfolio
### By Ecosystem
🟦 [Ethereum & EVM Audits](./docs/categories/ethereum.md) · 🟣 [Solana Audits](./docs/categories/solana.md) · 🔴 [Polkadot Audits](./docs/categories/polkadot.md) · 🌌 [Cosmos Audits](./docs/categories/cosmos.md)
### By Category
💰 [DeFi Audits](./docs/categories/defi.md) · 🎮 [Gaming Audits](./docs/categories/gaming.md) · 🏛️ [RWA Audits](./docs/categories/rwa.md) · 🛡️ [Hashlocked Projects](./docs/categories/hashlocked.md) · 🔒 [NDA Engagements](./docs/categories/nda.md)
### Security Documentation
📋 [Methodology](./docs/methodology.md) · ⚖️ [Severity Definitions](./docs/severity-definitions.md) · ⏱️ [Audit Process](./docs/audit-process.md) · ❓ [FAQ](./docs/faq.md) · 🎯 [How to Choose an Auditor](./docs/how-to-choose-an-auditor.md)
### Machine-Readable Index
📊 [audits.json](./audits.json). The full client portfolio in JSON format for developers, AI systems, and integrations.
## Featured Audits
The most notable projects featured on [hashlock.com/audits](https://hashlock.com/audits), ordered by most recent.
- [**1inch**](./clients/1inch/) _NDA_
- [**Rocket Pool**](./clients/rocket-pool/)
- [**P2P**](./clients/p2p/) _NDA_
- [**SushiSwap**](./clients/sushi-swap/) _NDA_
- [**Gala**](./clients/gala/)
- [**Manifest**](./clients/manifest/) 🛡️ 🐛
- [**EigenLayer Competition**](./clients/eigenlayer-contest/)
- [**Spicenet**](./clients/spicenet/) 🛡️
- [**Vana**](./clients/vana/)
- [**Energy Web**](./clients/energy-web/) 🛡️
- [**Space and Time**](./clients/space-and-time/) _NDA_
- [**peaq**](./clients/peaq/) _NDA_
- [**Celo**](./clients/celo/)
- [**glue**](./clients/glue/)
- [**U2U**](./clients/u2u/)
- [**Algem**](./clients/algem/)
- [**Allbridge**](./clients/allbridge/) _NDA_
- [**Kadena**](./clients/kadena/)
- [**OpenZK**](./clients/openzk/)
- [**Balanced Network (Icon Foundation)**](./clients/balanced-network-icon-foundation/) 🐛
- [**Nexa**](./clients/nexa/)
- [**Silencio**](./clients/silencio/) _NDA_
- [**Redbelly Network**](./clients/redbelly-network/) _NDA_
- [**Beamable Network**](./clients/beamable-network/)
- [**Shezmu**](./clients/shezmu/)
- [**Primus Labs**](./clients/primus-labs/)
- [**Nodo**](./clients/nodo/)
- [**Sogni**](./clients/sogni/) _NDA_
- [**Lilypad**](./clients/lilypad/)
- [**Kingdomly**](./clients/kingdomly/)
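[📂 Browse all public audits below](#all-audits-public-reports) or jump to [NDA engagements](#audited-by-hashlock--nda-engagements).
## All Audits (Public Reports)
The following projects have made their full Hashlock audit reports public. Open each folder for a detailed README and PDF.
_For completeness, the full alphabetical list of public audit reports is retained below. We recommend using the [category pages](./docs/categories/) above for filtered browsing._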
- [**1001 Squares of NFT**](./clients/1001-squares-of-nft/)
- [**1Gogh**](./clients/1gogh/)
- [**5ire**](./clients/5ire/)
- [**a51 Finance**](./clients/a51-finance/)
- [**Adil Chain**](./clients/adil-chain/)
- [**Aegis**](./clients/aegis/)
- [**AgriDex**](./clients/agridex/)
- [**AI Protocol**](./clients/ai-protocol/)
- [**Allfeat**](./clients/allfeat/)
- [**Aqualis**](./clients/aqualis/)
- [**Aria Land**](./clients/aria-land/)
- [**AskJimmy**](./clients/askjimmy/)
- [**Avail**](./clients/avail/)
- [**Bad Development**](./clients/baddevelopment/)
- [**Balloon**](./clients/balloon/)
- [**Best In Slot**](./clients/best-in-slot/)
- [**Bethel**](./clients/bethel/)
- [**BiohackerDAO**](./clients/biohackerdao/)
- [**BitcoinTAF (BTAF)**](./clients/btaf-token-audit/)
- [**Black Tie**](./clients/black-tie/)
- [**Blockchat**](./clients/blockchat/)
- [**Blocknite**](./clients/blocknite/)
- [**Blockstreet**](./clients/blockstreet/)
- [**BoohooBear**](./clients/boohoobear/)
- [**Bundle**](./clients/bundle/)
- [**Cabal Labs**](./clients/cabal-labs/)
- [**Cache Wallet**](./clients/cache-wallet/)
- [**Carbonmark**](./clients/carbonmark/)
- [**Cartha**](./clients/cartha/)
- [**Catapult**](./clients/catapult/)
- [**CatSwap**](./clients/catswap/)
- [**CereBree**](./clients/cerebree/)
- [**Chedda Finance**](./clients/chedda-finance/)
- [**Chirper AI**](./clients/chirper-ai/)
- [**Coinsub**](./clients/coinsub/)
- [**CoPump**](./clients/copump/)
- [**Credbull**](./clients/credbull/)
- [**CrossCurve**](./clients/crosscurve/)
- [**Cryptaine**](./clients/cryptaine/)
- [**Cryptopunks Outbid**](./clients/cryptopunks-outbid/)
- [**DB Cherry**](./clients/db-cherry/)
- [**Debita Finance**](./clients/debita-finance/)
- [**Dedcat**](./clients/dedcat/)
- [**Defi Bull World**](./clients/defi-bull-world/)
- [**DelNorte**](./clients/delnorte/)
- [**Diffuse**](./clients/diffuse/)
- [**DigiShares**](./clients/digishares/)
- [**Dione**](./clients/dione/)
- [**DrDoge**](./clients/drdoge/)
- [**dTRINITY**](./clients/dtrinity/)
- [**Dunback Meadow**](./clients/dunback-meadow/)
- [**DVX**](./clients/dvx/)
- [**EIG Global Trust**](./clients/eig-global-trust/)
- [**Emergence.art**](./clients/emergence-art/)
- [**Enni**](./clients/enni/)
- [**ewe technology**](./clients/ewe-technology/)
- [**Exactly Protocol**](./clients/exactly-protocol/)
- [**Finceptor**](./clients/finceptor/)
- [**Flamatech**](./clients/flamatech/)
- [**FlareBank**](./clients/flarebank/)
- [**Fluidity Money**](./clients/fluidity-money-audit/)
- [**ForeGate**](./clients/foregate/)
- [**Forte AUD**](./clients/forte-aud/)
- [**Frenly**](./clients/frenly/)
- [**FROGY**](./clients/frogy/)
- [**Functionland**](./clients/functionland/) 🐛
- [**Futurity Galaxies**](./clients/futurity-galaxies/)
- [**FX1**](./clients/fx1/)
- [**Haiku**](./clients/haiku/)
- [**Hann Finance**](./clients/hann-finance/)
- [**Haven**](./clients/haven/)
- [**Haven1**](./clients/haven1/)
- [**Hedgecast AI**](./clients/hedgecast-ai/)
- [**helder**](./clients/helder/)
- [**Hikari Finance**](./clients/hikari-finance/)
- [**Honeypot**](./clients/honeypot-finance/)
- [**HyperCroc**](./clients/hypercroc/)
- [**HySwap**](./clients/hyswap/)
- [**IGNA**](./clients/igna/)
- [**IMF**](./clients/imf-international-meme-fund/) 🐛
- [**Immersve**](./clients/immersve/)
- [**Immutable Ratings**](./clients/immutable-ratings/)
- [**Indie.Fun**](./clients/indie-fun/)
- [**INDX**](./clients/indx/)
- [**Intiva Health**](./clients/intiva-health/)
- [**Ithaca Protocol**](./clients/ithaca-protocol/)
- [**IvyFi**](./clients/ivyfi/)
- [**Jedai**](./clients/jedai/)
- [**Jubi DAO**](./clients/jubi/)
- [**JuicyFi**](./clients/juicyfi/)
- [**K613**](./clients/k613/)
- [**Klima Protocol**](./clients/klima-protocol/)
- [**Layer Labs**](./clients/layer-labs/)
- [**Layer One X**](./clients/layer-one-x/)
- [**LazyMog**](./clients/lazymog/)
- [**Lend**](./clients/lend/)
- [**Levva**](./clients/levva/)
- [**LFG**](./clients/lfg/)
- [**Libertum**](./clients/libertum/)
- [**Liquido**](./clients/liquido/)
- [**Livermore AI**](./clients/livermore-ai/)
- [**Lizard Labs**](./clients/lizard-labs/)
- [**Lockon**](./clients/lockon/)
- [**Longtail**](./clients/longtail/)
- [**LottoPGF**](./clients/lottopgf/)
- [**Lucid Labs**](./clients/lucid-labs/)
- [**Lynx Finance**](./clients/lynx-finance/)
- [**Mad Cartels**](./clients/mad-cartels/)
- [**MarketDAO**](./clients/marketdao/)
- [**Mavryk**](./clients/mavryk/)
- [**Max**](./clients/max/)
- [**MediChainX**](./clients/medichainx-medxt/)
- [**Metaversal**](./clients/metaversal/)
- [**MezFi**](./clients/mezfi/)
- [**MindDAO**](./clients/minddao/)
- [**Miracle World**](./clients/miracle-world/)
- [**MiracleDigithread**](./clients/miracledigithread/)
- [**Molecula**](./clients/molecula/)
- [**Monstro**](./clients/monstro/)
- [**Montage Token**](./clients/montage-token/)
- [**Moonopol**](./clients/moonopol/)
- [**Moria**](./clients/moria/)
- [**MortgageFi**](./clients/mortgagefi/)
- [**MyDexBot**](./clients/mydexbot/)
- [**Myshell**](./clients/myshell/)
- [**Mytho**](./clients/mytho/)
- [**N4T**](./clients/n4t/)
- [**Narra Layer**](./clients/narra-layer/)
- [**Natix Network**](./clients/natix-network/)
- [**Nav Finance**](./clients/nav-finance/)
- [**Nebula**](./clients/nebula/)
- [**Neomi**](./clients/neomi/)
- [**Nexus**](./clients/nexus/)
- [**Noon Capital**](./clients/noon-capital/)
- [**NOTE Protocol**](./clients/note-protocol/)
- [**OmniSwap**](./clients/omniswap/)
- [**OnlyUp**](./clients/onlyup/)
- [**OObleck**](./clients/oobleck/)
- [**OpenGradient**](./clients/opengradient/)
- [**Orlyn**](./clients/orlyn/)
- [**PandaPump**](./clients/pandapump/)
- [**ParagonsDAO**](./clients/paragonsdao/) 🐛
- [**Paymatic**](./clients/paymatic/)
- [**Peacepal AI**](./clients/peacepal-ai/)
- [**Perena**](./clients/perena/)
- [**Petcoin AI**](./clients/petcoin-ai/)
- [**Pheasant Network**](./clients/pheasant-network/)
- [**PickYesNo**](./clients/pickyesno/)
- [**Pier Two**](./clients/pier-two/)
- [**PING**](./clients/ping/)
- [**PinLink**](./clients/pinlink/)
- [**Ponz**](./clients/ponz/)
- [**PoolOrbit**](./clients/poolorbit/)
- [**PoolParty**](./clients/poolparty/)
- [**Posse Studios**](./clients/posse-studios/)
- [**PredMart**](./clients/predmart/)
- [**PrimeInsights**](./clients/primeinsights/)
- [**Propto**](./clients/propto/)
- [**Pruv Finance**](./clients/pruv-finance/)
- [**qerra**](./clients/qerra/)
- [**r/datadao**](./clients/rdatadao/) 🐛
- [**Rank Trading**](./clients/rank-trading/)
- [**RDDTOR**](./clients/rddtor/)
- [**Rebase Finance**](./clients/rebase-finance/)
- [**RGB**](./clients/rgb/)
- [**Rocksolid**](./clients/rocksolid/)
- [**Root Network**](./clients/root-token/)
- [**Rubicon**](./clients/rubicon/)
- [**SafeHaven Exchange**](./clients/safehaven-exchange/)
- [**SatLayer**](./clients/satlayer/)
- [**Scall**](./clients/scall/)
- [**Scout Game**](./clients/scout-game/)
- [**Sensay.io**](./clients/sensay-io/)
- [**Shiba Classic**](./clients/shiba-classic/)
- [**SHSY**](./clients/shsy/)
- [**Silverswap**](./clients/silverswap/)
- [**Size Credit**](./clients/size-credit/)
- [**Soarchain**](./clients/soarchain/)
- [**Spectrum Staking**](./clients/spectrum-staking/)
- [**SPICE**](./clients/spice/)
- [**Spiral Stake**](./clients/spiral-stake/)
- [**Steer Protocol**](./clients/steer-protocol/)
- [**Stoneii**](./clients/stoneii/)
- [**Superset**](./clients/superset/)
- [**SwarmBase**](./clients/swarmbase/)
- [**T-Rize**](./clients/t-rize/)
- [**Talisman**](./clients/talisman/)
- [**Tand3m**](./clients/tand3m/)
- [**TapSwap**](./clients/tapswap/)
- [**tBTC**](./clients/tbtc/)
- [**Teneo**](./clients/teneo/)
- [**Tenexium**](./clients/tenexium/)
- [**The Winners Circle**](./clients/the-winners-circle/)
- [**Together Fun**](./clients/together-fun/)
- [**Tomcat**](./clients/tomcat/)
- [**Tons Money**](./clients/tons-money/)
- [**Ulalo**](./clients/ulalo/)
- [**Umbrae**](./clients/umbrae/)
- [**Urbit Token**](./clients/urbit-token/)
- [**VanaTensor**](./clients/vanatensor/)
- [**Verida Protocol**](./clients/verida-protocol-audit/)
- [**VIA Labs**](./clients/via-labs/)
- [**Vield**](./clients/vield/)
- [**Virovita**](./clients/virovita/)
- [**Voyager**](./clients/voyager/)
- [**Vrine**](./clients/vrine/)
- [**World3.ai**](./clients/world3-ai/)
- [**WORM**](./clients/worm/)
- [**XBO**](./clients/xbo/)
- [**XMAQUINA**](./clients/xmaquina/)
- [**Yieldo**](./clients/yieldo/)
- [**YKYR**](./clients/ykyr/)
- [**YOM**](./clients/yom/)
- [**Your Wallet**](./clients/your-wallet/)
- [**Zero Edge**](./clients/zero-edge/)
- [**ZetaChain**](./clients/zetachain/)
- [**Zeus Exchange**](./clients/zeus-exchange/)
- [**Zilliqa**](./clients/zilliqa/)
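## Audited by Hashlock (NDA Engagements)
The following projects have commissioned security audits from Hashlock, and the full reports remain subject to client non-disclosure agreements. The engagements themselves are publicly disclosed at [hashlock.com/audits](https://hashlock.com/audits).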
- [**Archie**](./clients/archie/)
- [**Aveforge**](./clients/aveforge/)
- [**FVC**](./clients/fvc/)
- [**Lotus Finance**](./clients/lotus-finance/)
- [**Memez.GG**](./clients/memez-gg/)
- [**Midnight**](./clients/midnight/)
- [**Onyx**](./clients/onyx/)
- [**Parasail**](./clients/parasail/)
- [**Passphrase**](./clients/passphrase/)
- [**Potomac Capital Limited**](./clients/potomac-capital-limited/)
- [**Rakurai**](./clients/rakurai/)
- [**RPS Labs**](./clients/rps/)
- [**Tecnodes Network**](./clients/tecnodes-network/)
- [**Topos**](./clients/topos/)
- [**World Mobile**](./clients/world-mobile/)
- [**Zapme**](./clients/zapme/)
- [**Zenchain**](./clients/zenchain/)
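## About Hashlock
Hashlock is a leading global Web3 security firm headquartered in Australia, specializing in smart contract audits and blockchain security across DeFi, gaming, RWA, AI, and infrastructure. Our auditors come from competitive security backgrounds and have secured hundreds of protocols across the ecosystem.
### Languages and Ecosystems (Examples)
Hashlock is **chain-agnostic with deep multi-chain expertise**. We audit any blockchain and any smart contract language. Below are some examples from our portfolio:
- **EVM (Solidity, Vyper)**: Ethereum, Polygon, Arbitrum, Base, BNB Chain, Avalanche, Berachain, Optimism, and many other EVM-compatible chains
- **Solana (Rust)**: native programs and the Anchor framework
- **Polkadot, Kusama (Rust, Substrate)**: custom pallets, parachains, runtime modules, XCM
- **Cosmos ecosystem (Go, CosmWasm)**: Cosmos SDK appchains, IBC integrations
- **Aptos, Sui (Move)**: resource semantics, object ownership, abilities
- **Starknet (Cairo)**: smart contracts and ZK proof systems
- **Zero-knowledge circuits**: Noir, Circom, and other proving stacks
- **Bitcoin**: Bitcoin Scripts, BRC 20, Ordinals, Runes
- **Other ecosystems we have audited**: Near, Kadena, Stacks, Mavryk, ICP, Cardano, Algorand, Tron, Tezos, and others
- **Any other blockchain or smart contract language on request**, including newer Layer 1s, emerging VMs, and novel cryptographic protocols
If your chain or language is not listed, contact us. We can adapt to any codebase.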
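### Core Services
- **Smart contract audits**: manual, line-by-line security review
- **Tokenomics audits**: review of token models and incentive design
- **Penetration testing**: application and infrastructure security testing
- **Bug bounty program management**: run on Hashlock's own bug bounty platform
- **vCISO and security advisory**: ongoing security leadership
- **CCSS certification support**: CryptoCurrency Security Standard compliance
- **[Free AI audit tool](https://aiaudit.hashlock.com)**: powered by a custom-tuned LLM trained on real audit data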
### Resources
🌐 **Website:** [hashlock.com](https://hashlock.com)
📋 **Audit directory:** [hashlock.com/audits](https://hashlock.com/audits)
🤖 **Free AI audit tool:** [aiaudit.hashlock.com](https://aiaudit.hashlock.com)
📩 **Request an audit:** [Submit our RFI form](https://hashlock.com/new-client-request-for-information)
🐦 **X / Twitter:** [@Hashlock_](https://x.com/Hashlock_)
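## Contact
Need a security audit, penetration test, or ongoing security advisory? [Contact our team](https://hashlock.com/new-client-request-for-information). We work with projects ranging from pre-launch startups to established protocols, across all major blockchain ecosystems.
For questions about this repository, please open an issue or contact us at info@hashlock.com.au.
_All audit reports in this repository are published with client consent. Under our standard engagement terms, Hashlock retains ownership of report content. For the full disclaimer, methodology, and severity definitions, see the individual audit report PDFs._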
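Tags: AI audit, Aptos, Cosmos, DeFi audit, Polkadot, RWA audit, Solana, Starknet, Sui, Web3 security, Web3 ecosystem, incident response, tokenomics, Ethereum, blockchain infrastructure, blockchain security, visual interface, multi-chain audit, security advisory, security audit reports, audit services, smart contract audit, smart contract languages, Bitcoin, gaming audit, zero-knowledge circuits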