Smart Contract Audits

Security audits for onchain games.

Bitfragments audits smart contracts, NFT minting systems, marketplace logic, reward contracts, treasury flows, access control, and exploit paths before launch.

Audit scope.

Every audit focuses on real attack surfaces: permissions, asset movement, claims, withdrawals, upgrades, player abuse, and economic failure points.

01

Contract logic review

Manual review of Solidity contracts, permissions, state changes, inheritance, external calls, and unsafe assumptions.

  • Access control
  • Upgrade risks
  • Reentrancy checks

02

NFT & minting review

Audit of NFT item contracts, supply limits, claim validation, metadata security, transfer logic, and duplicate mint paths.

  • Mint restrictions
  • Supply integrity
  • Metadata protection

03

Reward & treasury review

Assessment of reward distribution, payout controls, treasury withdrawals, admin roles, emissions, and abuse scenarios.

  • Claim abuse
  • Withdrawal safety
  • Inflation risks

Audit process.

A structured review from initial code intake to remediation validation, built to give your team clear and actionable security fixes.

STEP 01

Code intake

We review repositories, deployment plans, contract architecture, permissions, and known risk areas.

STEP 02

Manual audit

Security researchers inspect logic, edge cases, attack paths, admin controls, and economic assumptions.

STEP 03

Findings report

You receive severity-ranked findings with impact, affected code, reproduction notes, and recommended fixes.

STEP 04

Retest

After fixes are implemented, patched contracts are reviewed again before deployment or public launch.

Example audit checks.

The review covers both standard smart contract vulnerabilities and game-specific abuse patterns.

review /contracts/NFTItems.sol
↳ unchecked mint permission: flagged
↳ duplicate claim path: blocked
review /contracts/Rewards.sol
↳ reward cap bypass: critical
↳ claim replay scenario: high
review /contracts/Treasury.sol
↳ admin withdrawal risk: medium

CHECK

Access control

Owner roles, admin privileges, multisig assumptions, privileged minting, emergency functions, and upgrade authority.

CHECK

Asset safety

NFT duplication, unauthorized transfers, metadata manipulation, fake ownership states, and broken burn logic.

CHECK

Claim security

Replay attacks, duplicate claims, weak signatures, session abuse, missing expiry, and predictable identifiers.

CHECK

Economic abuse

Infinite rewards, bot farming, wallet splitting, emission pressure, reward manipulation, and treasury drain paths.

Audit deliverables.

Your team receives a clean technical report with practical fixes and final retest confirmation.

01 Executive summary
02 Technical findings
03 Severity ratings
04 Affected code references
05 Impact explanation
06 Reproduction notes
07 Fix recommendations
08 Retest results
09 Deployment notes
10 Final audit statement

Request a security audit.