Internal

Disclaimers

Confidential, for internal use only — do not share outside of your organisation

When Our Audit Is Not Enough

When the number of findings exceeds 10 issues of Critical, High, and Medium severity combined, it is highly likely that we were constrained by time and that more vulnerabilities are still present in the codebase. We strongly recommend conducting a second audit with another team of ours (reach out for a discount).

No Changes Allowed

Once the audit begins, any changes to the codebase — no matter how minor — are not allowed. Even a small change can require significant audit effort, sometimes more than expected. Such changes can only be reviewed after the audit is complete and may incur an additional charge.

Rules and Penalties When Applying Fixes
  • Fixes should be submitted within 5 business days after receiving our findings.
  • If this deadline is missed, an additional 5% charge will apply for the fix review, as our team will need extra effort to regain full context and properly verify the fixes.
  • Major refactoring or large diffs are not accepted as part of the fix review. Reviewing your fixes should take no more than 2 business days. If more time is needed, a separate audit engagement may be required.
  • We do not review fixes coming from separate/parallel audits, unless they fall within the 5-day timeframe that we give for fixes.