Smart-contract audits
Manual review of on-chain logic: accounting, access control, upgradeability, oracle and economic assumptions, and the edges where they meet.
Independent cybersecurity · crypto & protocols
Adversarial security research for code that holds value.
Dakara Research is a small, senior practice. We focus on crypto — smart contracts, protocols, bridges, wallets, and the infrastructure around them — and review any codebase where the stakes are real. Every engagement is grounded in reproducible evidence and a clear path to a fix.
More field notebook than war room. More proof than performance.
What we do
Evidence-led security review
A focused set of engagements. Most clients start with one and extend as trust builds.
Protocol & codebase review
Off-chain services, consensus-adjacent code, bridges, keepers, and indexers. We also review codebases outside crypto where the risk warrants it.
Bug bounty research
We map the full attack surface, validate every finding adversarially before we surface it, and check codebases that share lineage with the target. A partner to your program, not a firehose.
Threat modeling
Practical attack-path mapping so a review starts with shared scope and the questions that actually matter.
Remediation review
Fix validation, regression checks, and a concise verified-fix memo your team and stakeholders can rely on.
How a finding reads
Severity, evidence, impact, and exactly how to act.
Findings are written for the engineer who has to fix them and the lead who has to decide. No drama, no padding — what was tested, what was found, why it matters, and the verification once it's closed.
scope: core-vault, settlement
DR-2026-014
Rounding direction lets a withdrawal exceed escrowed balance
Under a specific share-to-asset conversion path, rounding favors the caller. A scripted sequence drains a residual amount per cycle. Patch: round against the protocol on redemption; invariant test added.
How we work
A calm, legible engagement
01
Kickoff
Confirm scope, success criteria, access, timelines, and how disclosure is handled.
02
Review
Concise progress notes. We don't dramatize partial leads before they're validated.
03
Findings
Severity, affected component, exploitability, evidence, impact, and fix guidance.
04
Closeout
Final report, remediation review, verified-fix memo, and residual-risk notes.
Start a conversation
Tell us what you're shipping.
A short note about your protocol or codebase, the surface you're worried about, and your timeline is enough to begin. We'll tell you honestly whether we're the right fit.