Independent cybersecurity · crypto & protocols

Adversarial security research for code that holds value.

Dakara Research is a small, senior practice. We focus on crypto: smart contracts, protocols, bridges, wallets, and the infrastructure they depend on. We'll also review any codebase where the stakes are real. Every engagement is built on reproducible evidence and a clear path to a fix.

fig. 01 · audit trace

Closer to a field notebook than a war room.

What we do

Evidence-led security review

A focused set of engagements. Most clients start with one and extend as trust builds.

01

Smart-contract audits

Manual review of on-chain logic: accounting, access control, upgradeability, oracle and economic assumptions, and the edges where they meet.

02

Protocol & codebase review

The code around the contracts: bridges, keepers, indexers, signing services, node tooling. We also check codebases that share lineage with yours, where the same class of bug tends to recur. General codebase work outside crypto too, when the stakes justify it.

03

Bug bounty research

We map the full attack surface and validate every finding adversarially before it reaches you. We work alongside your existing program and keep the signal high.

04

Threat modeling

Practical attack-path mapping so a review starts with shared scope and the questions that actually matter.

05

Remediation review

Fix validation, regression checks, and a concise verified-fix memo your team and stakeholders can rely on.

How a finding reads

Severity, evidence, impact, and exactly how to act.

Findings are written for the engineer who has to fix them and the lead who has to decide. No drama, no padding. They cover what was tested, what we found, why it matters, and how we verified the fix once it closed.

scope: core-vault, settlement
DR-2026-014
severity: high · component: settlement · status: reproduced

Rounding direction lets a withdrawal exceed escrowed balance

Under a specific share-to-asset conversion path, rounding favors the caller. A scripted sequence drains a residual amount per cycle. Patch: round against the protocol on redemption; invariant test added.

How we work

A calm, legible engagement

01

Kickoff

Confirm scope, success criteria, access, timelines, and how disclosure is handled.

02

Review

Concise progress notes. We don't dramatize partial leads before they're validated.

03

Findings

Severity, affected component, exploitability, evidence, impact, and fix guidance.

04

Closeout

Final report, remediation review, verified-fix memo, and residual-risk notes.

Start a conversation

Tell us what you're shipping.

A short note about your protocol or codebase, the surface you're worried about, and your timeline is enough to begin. We'll tell you honestly whether we're the right fit.