Frequently Asked Questions

Audit timelines vary based on the size and complexity of your codebase. A typical audit takes 1-3 weeks for small to medium contracts (under 2,000 lines of code). Large or complex protocols with multiple interacting contracts may take 4-8 weeks. We provide a detailed timeline estimate after reviewing your code during the initial assessment.

Pricing depends on the scope, complexity, and size of your codebase. We provide custom quotes after an initial assessment of your project. Factors that influence cost include the number of contracts, the complexity of the business logic, the language/chain, and whether you need expedited delivery. Contact us at contact@cromshield.com for a free estimate.

When we identify vulnerabilities, we classify them by severity (Critical, High, Medium, Low, Informational) and provide detailed remediation guidance for each finding. After your team applies fixes, we perform a complimentary re-audit to verify that all issues have been properly resolved. The final report clearly shows which findings were addressed and how.

Yes. After a successful audit, we provide a security score certificate and a badge that you can display on your website, documentation, and marketing materials. This is verified on our platform and serves as a trust signal for your users and investors.

Our monitoring system continuously analyzes on-chain transactions for your deployed contracts. We use a combination of rule-based detection and machine learning to identify anomalous patterns — including flash loan attacks, unusual fund movements, governance manipulation, and known exploit signatures. When a threat is detected, instant alerts are sent through your preferred channels (Slack, PagerDuty, email, or custom webhooks).

We support Slack, PagerDuty, email, Discord, Telegram, and custom webhook integrations. Alerts can be configured by severity level, so critical threats reach your on-call team instantly while lower-severity items are batched for review. You can set up multiple channels simultaneously.

Absolutely. Our monitoring service works with any deployed contract, regardless of who performed the initial audit. We onboard your contract addresses and configure protocol-specific detection rules during setup. Many clients start with monitoring and later engage us for a full audit.

Cromshield supports 50+ blockchains including Ethereum, Solana, Arbitrum, Base, Avalanche, BNB Chain, Polygon, Optimism, and many more EVM and non-EVM networks. We audit smart contracts written in Solidity, Rust (Anchor/CosmWasm), Move, and other languages. If your chain isn't listed, reach out — we're constantly expanding our coverage.

We offer both. In addition to one-time audits, we provide continuous monitoring subscriptions, threat intelligence feeds, regular vulnerability re-scanning, compliance reporting, and incident response retainer agreements. Many clients combine an initial audit with ongoing monitoring for comprehensive coverage.

We respond to all inquiries within 24 hours. For standard audits, we can typically begin within 1-2 weeks of scoping. For emergency situations — such as active exploits or urgent pre-launch audits — we offer expedited engagements that can start within 24-48 hours. Contact security@cromshield.com for emergencies.

Yes. All client code and data is treated as strictly confidential. We sign NDAs before any engagement, enforce strict access controls internally, and never share your code with third parties. Audit reports are only published with your explicit written consent.