Services

How we help.

Six engagements, scoped to fit. We work with DeFi protocols, crypto infrastructure, and the SaaS that supports them. Every engagement starts with a scoping call under NDA.

Practice areas
01 · Audit

Smart contract audit

Manual and automated review of EVM, Solana, Move and other contract platforms. Pre-launch hardening and ongoing review cycles.

  • Manual code review
  • Property-based fuzzing
  • Formal verification
  • Re-audit credit

Deliverable: Report + remediation · Timeline: 2–6 weeks

02 · Architecture

Protocol design review

End-to-end review of protocol invariants, economic mechanism, and threat model. Catch design flaws before they become contract flaws.

  • Mechanism review
  • Invariant mapping
  • Threat modeling
  • Edge-case analysis

Deliverable: Design memo + invariants · Timeline: 3–8 weeks

03 · Technical

Cross-chain security

Bridge, oracle and cross-domain attack-surface assessment. We look at the seams others miss.

  • Bridge architecture
  • Oracle integrations
  • Finality assumptions
  • Validator-set review

Deliverable: Threat model + risk register · Timeline: 4–8 weeks

04 · Operations

OpSec & key management

Multi-sig and HSM configuration, deployment pipelines, treasury controls, incident runbooks. The off-chain you can't afford to get wrong.

  • Multi-sig design
  • Deployment review
  • Runbook authoring
  • On-call coverage

Deliverable: Controls map + runbooks · Timeline: 3–6 weeks

05 · GRC + technical

SaaS & infrastructure

Web2 security for the off-chain stack: APIs, frontend, cloud, vendor risk. SOC 2 readiness when investors ask for it.

  • Web app pentest
  • Cloud config review
  • Vendor risk
  • SOC 2 readiness

Deliverable: Findings + readiness pkg. · Timeline: 3–6 weeks

06 · Response

Incident response

When it has already happened: triage, containment, forensics, post-mortem and stakeholder communication support.

  • 24h triage
  • Forensics
  • Post-mortem
  • Stakeholder comms

Deliverable: Incident report + roadmap · Timeline: On-demand

Not sure which one fits? 30-min scoping call is free · always under NDA
Orthrus