We have expertise across multiple DeFi protocols, layer one solutions, marketplaces, and more.
Vidma focuses on ethereum virtual machine (EVM) ecosystems such as:
Vidma specialists provide a range of security services to ensure the reputation and prosperity of your project. Safety comes first! Chose the service that suits your needs.
Back in 2020, we conducted our first smart contract audit. For the first 105 audits, our security experts worked under the brands of two partner companies. In 2021, after perfecting our expertise, Vidma was formed- we've done over 130 audits and counting.
Thanks to our professional team, techniques, and methods, we've managed to reveal plenty of security and operational issues with different severity levels. We've saved a day for a lot of projects and are proud to be ongoing security partners for many of them.
Below we've tracked the number of issues our team has found on all past projects.
EGMigrate is a dApp for projects and token holders to upgrade smart contracts and swap old tokens for new ones. This EG’s technology allows seamlessly provide new tokens to their holders in a decentralised, secure way.
EG’s mission is to leverage community action and blockchain technologies to grow a global movement that defies the status quo and makes profitability intrinsically linked to positive social impact.
On May 28th the exploit of Mirror Protocol has drained around $2M. Turns out it was not the only and not the first hack of the protocol.
In October 2021, Mirror Protocol faced a $90M exploit which went unnoticed until last week.
The price submit() function was publicly callable, which made the protocol's price oracle was vulnerable.
The attacker was able to drain all assets from the platform using just 100 FTS (~4.5$ at pre-hack prices) as collateral.
Attacker’s address - 0xA6AF2872176320015f8ddB2ba013B38Cb35d22Ad
Front-end side of the project was exploited. In the result, users swapping, adding or removing liquidity on the protocol had the output funds redirected straight into the attacker’s wallet.
It lasted around 3 hours, until the project team shut down the front-end. In discord they stated not to do anything with the website at that time.
"MM.finance site was the subject of a DNS attack earlier where an attacker managed to inject a malicious contract address into the frontend code. Attacker used a DNS vulnerability to modify the router contract address in our hosted files." - stated Mad Meerkat Finance team.
Attacker’s address: https://cronoscan.com/address/0xb3065fe2125c413e973829108f23e872e1db9a6b
An estimated $14 billion was lost through crypto bugs and hacks in 2021
Feel free to use the contact form below for information regarding an audit or a pentest with us.