Spearbit is a distributed network of independent Web3 security researchers organized via Cantina.

| Dimension | CODESPECT | Spearbit |
|---|---|---|
| Overview | Full-spectrum Web3 security house: smart contracts, pen testing, AI adversarial testing, red team, monitoring, ops security, delivered by one team. | TODO(operator) |
| Services covered | Smart Contract Audit, Penetration Testing, AI Adversarial Testing, Red Team, On-chain Monitoring, Operations Security. | TODO(operator) |
| Chains / VMs supported | Ethereum and EVM L2s, Solana (Anchor), Starknet (Cairo), Fuel (Sway), Sui (Move), Canton Network (Daml). | TODO(operator) |
| Audit methodology | 4-phase, SEAL-aligned: static analysis, dynamic analysis, manual review, formal verification (Halmos, Certora). | TODO(operator) |
| Engagement model | Small-team, senior-led, fixed-scope engagements. Triage retainers available on top of Guardrail monitoring. | TODO(operator) |
| Team size & seniority | Boutique team with senior researchers on every engagement. TODO(operator): add exact headcount. | TODO(operator) |
| Typical pricing band | Scoped per engagement: typically 1-2 week engagements for <1k LoC, 2-5 weeks for 1-4k LoC, 5+ weeks beyond that. Formal verification priced separately. | TODO(operator) |
| Typical timeline | 1-2 weeks (small), 2-5 weeks (mid), 5+ weeks (large). Fix-verification round included. | TODO(operator) |
| Safe Harbor / on-chain monitoring | Yes. Helps clients adopt Security Alliance Safe Harbor, sets up on-chain monitoring with our partner Guardrail, and provides triage retainers on top of Guardrail alerts. | TODO(operator) |
| AI adversarial testing | Yes. OWASP LLM Top 10, MITRE ATLAS, Google SAIF. Prompt injection, tool misuse, data exfiltration, guardrail bypass. | TODO(operator) |
| Red team / human ops | Yes. Social engineering, phishing, insider threat simulation. | TODO(operator) |
| Ideal customer | Web3 protocols that need one vendor to cover code, infra, AI, and humans, particularly teams wanting Canton/Daml coverage alongside EVM/Solana. | TODO(operator) |

Get a free 30-minute security assessment. We will review your codebase scope and flag the top 3 risk areas.
No commitment required. Typical audits start within 1–2 weeks.