How much does a smart contract audit cost in 2025?
By Alex · Security researcherHow much does a smart contract audit cost in 2025?
A smart contract audit costs between $15,000 and $120,000 for most DeFi protocols, depending on scope and complexity. That's the short answer. The real answer depends on what you're buying, and whether it'll actually protect your protocol.
I'll break down the pricing tiers and what drives the numbers, plus how to get the most security value per dollar. If you want to understand what a modern audit looks like first, read what to expect from an audit in 2025.
Request a quote — we'll review your codebase and respond within 48 hours.
Price ranges by audit type
Not all audits cover the same ground. Here's what the market looks like in 2025:
| Audit type | Price range | Typical duration | What you get |
|---|---|---|---|
| Manual review only | $15,000 - $80,000 | 1 - 4 weeks | Line-by-line expert review, PDF report with findings |
| Invariant testing + fuzzing | $20,000 - $60,000 | 1 - 3 weeks | Executable test suite, fuzzing campaigns, coverage report |
| Combined (manual + invariant testing) | $30,000 - $120,000 | 2 - 6 weeks | Full manual review plus delivered test suite and fuzzing |
| Continuous security retainer | $5,000 - $15,000/month | Ongoing | CI integration, re-audits on new commits, property updates |
The combined approach catches the most bugs. Manual review finds logic errors and design flaws that require human reasoning. Invariant testing finds stateful bugs that humans miss, like rounding errors that compound over thousands of transactions.
What drives audit cost
Scope measured in nSLOC (normalized source lines of code) is the single biggest cost factor. A 500 nSLOC token contract is a different engagement than a 10,000 nSLOC lending protocol.
Other factors that move the price:
- Contract complexity: a simple vault costs less to audit than a cross-chain bridge with custom oracle logic.
- Number of external integrations: each oracle, AMM, or lending pool your protocol touches adds attack surface.
- Timeline pressure: rush engagements (under 2 weeks) cost 20-50% more.
- Prior security work: protocols with existing test suites and clean static analysis results take less time.
- Chain and language: Solidity on EVM chains is standard pricing. Rust on Solana, Move on Aptos, or Cairo on Starknet may cost more due to smaller reviewer pools.
Cost comparison: audit approaches
DeFi audit pricing varies widely depending on which approach you pick. Here's how they stack up:
| Approach | Typical cost | Bugs found | Ongoing value |
|---|---|---|---|
| Manual review only | $15K - $80K | Logic errors, access control, design flaws | PDF report (goes stale) |
| Invariant testing only | $20K - $60K | Stateful bugs, rounding, accounting errors | Executable test suite (runs in CI) |
| Formal verification | $50K - $200K+ | Mathematical proof of specific properties | Proofs valid until code changes |
| Automated scanners only | $0 - $5K | Known patterns, low-hanging fruit | High false positive rate |
| Combined manual + invariant | $30K - $120K | Broadest coverage across all bug classes | Report + test suite + CI integration |
Automated scanners alone aren't audits. They're a starting point. Slither and similar tools catch known patterns but miss any bug that requires multi-transaction reasoning.
The ROI calculation
An audit that costs $80,000 looks expensive until you compare it to the alternative.
The Euler Finance exploit of March 2023 drained $197 million. Mango Markets lost $114 million in October 2022. Even "small" exploits regularly drain $1-10 million. These protocols had audits, but their audits didn't include invariant testing or long-duration fuzzing campaigns.
Here's a simple expected-value calculation for a protocol with $10M TVL:
| Factor | Value |
|---|---|
| Probability of exploitable bug (unaudited) | ~30% |
| Average loss if exploited | $5,000,000 |
| Expected loss without audit | $1,500,000 |
| Cost of combined audit | $80,000 |
| ROI | 1,775% |
That's before counting the secondary costs: token price collapse and legal liability, plus months of development time diverted to incident response. We cover these numbers in detail in the true cost of not auditing.
What's included at each price point
$15K - $30K (small scope, manual only): 1-2 senior reviewers for 1 week. Static analysis. Findings report with severity ratings and fix recommendations. Best for token contracts, simple vaults, or single-purpose contracts under 1,000 nSLOC.
$30K - $60K (medium scope, combined): 2-3 reviewers for 2-3 weeks. Manual review plus invariant test suite with fuzzing campaigns. The fuzzing cost is baked into the engagement — you're not paying extra for it. Delivered Chimera-based test suite you can run in CI. Suitable for most DeFi protocols between 1,000 and 5,000 nSLOC.
$60K - $120K (large scope, comprehensive): Full team for 3-6 weeks. Deep manual review, extensive invariant testing, formal verification of critical paths. Multiple fuzzing campaigns with long-duration runs. Re-audit of fixes included. This covers complex lending protocols, DEXs with concentrated liquidity, and cross-chain systems above 5,000 nSLOC.
$5K - $15K/month (continuous retainer): Ongoing security coverage. Properties updated when code changes. Fuzzing runs on every PR. Priority scheduling for new feature audits. This is how you keep security from going stale after the initial engagement.
How to get the most value from your budget
Start with a clean codebase. Protocols that arrive with passing tests and clean Slither output save auditors time on setup, which means more time spent finding real bugs.
Freeze your code before the engagement starts. Scope changes mid-audit are the fastest way to blow past budget.
Invest in the test suite deliverable, not just the report. A PDF report loses value the moment you change a line of code. An invariant test suite keeps catching bugs as you build. It's the only audit deliverable with a shelf life beyond the engagement.
Don't shop on price alone. A $20K audit that misses a critical bug costs you nothing upfront and everything later. Ask firms for case studies with specific bugs found and verify they deliver executable test suites.
Consider a retainer for active development. One-time audits protect a snapshot of your code. If you're shipping weekly, continuous security testing through CI/CD integration is the only way to stay covered.
Related resources
- Smart contract audit services — scope and process for a Recon engagement
- DeFi security audit — specialized audit for DeFi protocols
- The true cost of not auditing — the business case for security, backed by real data
- What is invariant testing? — how property-based testing catches bugs manual review misses
- What is a smart contract audit? — the complete guide to audit types and processes
Get a quote for your audit — we'll review your codebase and respond within 48 hours. Request an audit with Recon and tell us about your protocol.