Engagement & Pricing

We find your zero-days. If we don't, you get your money back. No other security firm on the planet offers this guarantee.

In Q1 2026, BlackHart research identified 25 critical and 31 high severity vulnerabilities across 15 protocols, with $28.7B+ in TVL at risk. Every finding is fork-validated with a passing PoC.

Protocols Audited

140+

Findings

Critical Vulnerabilities

$28.7B+

TVL at Risk

See how we validate findings with working exploits on mainnet forks.View Demo →

Zero-Day Hunt

The Money-Back Guarantee

We get 30 days to find a zero-day in your protocol. If we don't find a Critical or High severity vulnerability with a passing fork-validated PoC, you get your entire deposit back—minus the non-refundable audit fee that covers our operational costs.

No other security firm offers this. We can, because we find what others miss.

The Guarantee30 Daysto find your zero-dayor your money back

How It Works

Deposit

Upfront deposit held in escrow. Includes the non-refundable audit fee that covers 30 days of dedicated operations.

Hunt

30 days of dedicated adversarial research. 14 parallel attack models running against your codebase simultaneously.

Prove

Every finding is demonstrated on a mainnet fork with a passing PoC. Verified exploit value is calculated.

Settle

Zero-day found? Success fee is due. Nothing found? Full refund minus the audit fee. No disputes. No ambiguity.

TVL-Based Pricing

Pricing scales with the value we're protecting

Precision

$50M – $200M TVL

For growth-stage protocols that need to validate their security posture before scaling.

Upfront Deposit$250k

Success Fee$750k

Total (on success)$1M

Non-refundable audit fee$50k

Vanguard

Most Common

$200M – $1B TVL

For established protocols with significant TVL that demand the highest level of adversarial testing.

Upfront Deposit$500k

Success Fee$1.5M

Total (on success)$2M

Non-refundable audit fee$75k

Citadel

Enterprise

$1B+ TVL

For tier-1 protocols where a single exploit could mean nine-figure losses.

Upfront Deposit$1M

Success Fee$4M

Total (on success)$5M

Non-refundable audit fee$100k

What Qualifies as a Zero-Day

A finding qualifies for the success fee when it meets all three criteria. This protects both sides—we only get paid for real, demonstrable vulnerabilities.

verifiedCritical or High Severity

The vulnerability must result in direct loss of funds, protocol takeover, permanent freezing of assets, or equivalent economic impact. Medium and below do not qualify.

scienceFork-Validated PoC

The exploit must be demonstrated in a Foundry test running against a mainnet fork at the current block. No theoretical findings. The PoC must pass.

calculateVerified Economic Impact

The exploit value must be calculated and mutually verified. The finding must demonstrate real economic impact against deployed contracts with actual TVL.

Every Engagement Includes

check30-day dedicated zero-day hunting engagement

check14 parallel adversarial models against your codebase

checkFork-validated PoC for every finding

checkCross-contract and cross-protocol attack chain analysis

checkEconomic attack modeling with verified exploit values

checkActionable remediation guidance for every finding

checkPost-engagement remediation verification

checkFull findings report with severity classification

Ready to find out what others missed?

Tell us about your protocol. We'll assess your TVL tier and scope the 30-day engagement within 48 hours.