How much does a smart contract audit cost?
It depends on the codebase and what you need — but you'll know exactly what you're paying before we start. Every engagement ships with a reusable invariant test suite.
Invariant Testing
From $15K
A reusable test suite that keeps protecting your protocol long after the engagement ends
- ✓ Invariant test suite you own and run in CI forever
- ✓ Echidna, Medusa, and Halmos coverage
- ✓ Cloud fuzzing via Recon Pro during the engagement
- ✓ Regression testing baked into every future commit
Best for: Pre-audit hardening, smaller codebases, or teams that want ongoing security infrastructure
Timeline: 1–2 weeks
Solo Review + Invariants
From $30K
Expert eyes on your code paired with automated property coverage — the sweet spot for most teams
- ✓ Line-by-line manual code review by a senior researcher
- ✓ Full invariant test suite included
- ✓ Cloud fuzzing with Recon Pro
- ✓ Detailed findings report with proof-of-concept exploits
- ✓ Fix verification and re-test at no extra cost
Best for: Most DeFi protocols — the right balance of depth and budget
Timeline: 2–3 weeks
Full Audit
From $50K
Multiple researchers, formal verification, and unlimited fuzzing for protocols where security is non-negotiable
- ✓ Multiple security researchers on your codebase
- ✓ Deep manual review + comprehensive invariant testing
- ✓ Formal verification with Halmos for mathematical guarantees
- ✓ Unlimited cloud fuzzing campaigns with Recon Pro
- ✓ Economic and incentive analysis
- ✓ Post-audit support and fix review included
Best for: Complex or high-TVL protocols that need maximum coverage
Timeline: 3–6 weeks
Frequently Asked Questions
How much does a smart contract audit cost?
It depends on your codebase and what you need. A focused invariant testing engagement can start around $15K for smaller codebases. A combined manual review with invariant testing — which is what most teams choose — starts at $30K. Complex protocols with multiple researchers and formal verification start at $50K. We give you a fixed-price quote within 48 hours of looking at your code, so you know exactly what you're paying before we start.
What determines the price?
Three things: (1) The size of the codebase: more lines of code means more review time. (2) The complexity of the protocol: a lending market with liquidations and cross-collateral support takes more work than a straightforward token contract. (3) The deliverables you want: invariant testing only, manual review + invariants, or the full package with formal verification.
Do you charge hourly?
No. Every engagement gets a fixed-price quote upfront. After we review your codebase (usually within 48 hours), we send you a number. That's the price. No hourly surprises, no scope creep charges. Fix verification is included.
What do I actually get?
Every Recon engagement ships with: a findings report, a reusable invariant test suite (yours to keep and run in CI), cloud fuzzing via Recon Pro during the engagement, fix verification, and direct access to your security researcher the whole time. Most audit firms hand you a PDF. We hand you ongoing security infrastructure.
Can we start small and expand later?
Absolutely. Many teams start with an invariant testing engagement to harden their code before a larger audit. Once you have the test suite, it runs in CI on every commit — so you're protected while you plan the next phase. When you're ready for manual review or a full audit, we build on the test suite that already exists.
Send us your code — we'll send you a number
Share your codebase and we'll scope the engagement within 48 hours. Fixed price, no hourly billing, no surprises. Start small or go deep — your call.