Introduction

Stable Set Security is a cybersecurity consulting services firm specializing in smart contracts, created with one mission:
to bring critical systems-grade security and engineering practices to the next generation of financial instruments.

Offering a wide range of client-centric services, our aim is to begin viewing high value smart contracts and other enablers of the digital economy as critical infrastructure for which funds loss, downtime, or unexpected behaviors are unacceptable. Bringing a rich tradition of adversarial thinking and experience in both smart contracts and traditional software engineering and analysis techniques, we seek to bring security and robustness to both our clients and the entire smart contract ecosystem.

Backing these goals is a commitment to quality, thorough, and open review. We clearly scope all of our services during both the bid process and delivery, and encourage our clients to publish our findings for community review.

Let us make sure your organization has the tools to handle the deployment and management of high value smart contracts. Contact us today!

Services

Tailored to fit your budget, organizational needs, and threat model, we offer our clients a wide range of custom services:

Code validation and best practices for smart contracts: The most basic of our services, we analyze a smart contract and its associated development process and infrastructure for security vulnerabilities. This includes a comprehensive annotated contract delivered with a report specifying its failure modes, operational dependencies, potential threats, and more. We will include a full assessment of the build and development infrastructure surrounding the smart contract, aiming to establish a process by which unsafe changes can be identified and avoided. This analysis will come with some on-chain guarantees about the execution of the target contract, as well as analysis in the context of traditional software-engineering process and quality. A full code analysis is intended to give clients and users assurance that no known antipatterns, language or compiler-specific exploits, or programmer flaws are able to lead to funds loss.

Organizational risk assessment: This service features a report detailing potentially malicious actors, organizational risks, and the general adversarial landscape surrounding the deployment of a given contract. This service intends to provide an organization insight on how to understand and develop for the broader threat landscape surrounding the target application.

Comprehensive security audit: This service is intended to marry a traditional security audit to the culture of open development present around smart contracts. We will aim to study and identify any organizational policies that could prove problematic in the smart contract maintenance, implementation, and upgrade process. This service includes a report estimating the threat level faced by a particular smart contract, as well as identifying organizational, procedural, or governance issues that could become problematic as the smart contract evolves. This service aims to set an organization up with an effective process for reviewing and validating the ongoing security of their development process and codebase.

Best practices and techniques: Included with any of the above, our best practices suggestions help a development team understand what best practices in both smart contract development and traditional software engineering could be appropriate for specifying, developing, testing, documenting, or validating a given smart contract.

Additionally, we allow our customers to either publicize or withhold our findings at their discretion.

For more information on our services or a price quote, please contact us.

About

Stable Set Security is owned and operated by Phil Daian. With a background in traditional software engineering, validation, and verification, Phil brings a unique perspective on security to the smart contract space. Phil obtained his BS in Computer Science from the University of Illinois at Urbana-Champaign with specializations in security and programming languages, where he studied and built distributed systems and participated in formal verification research. After graduating, he worked in a formal verification startup funded by grants from Toyota, NASA SBIR, and the NSF to advance practical and lightweight formal verification technologies in the aerospace, automotive, and embedded systems domains. He is now pursuing his PhD in Computer Science at Cornell University with a concentration in systems, where his intended thesis focuses on smart contract security. He is currently involved in several ongoing research projects on smart contract security and distributed systems safety and deployment.

Phil has always had a penchant for decentralized and censorship-resistant technologies, and grew up spending his free time providing unsolicited penetration testing services to Tor hidden services (among other pursuits). He looks forward to playing a role in the next generation of robust, secure, and transparent cryptoeconomic systems. He maintains a blog where he muses about cryptocurrencies (as well as guest writing for other blogs and outlets).

Contact Us

Email: Simply e-mail hello at our domain.

Phone: Call +1 646 374-2069 during business hours.

We recommend including a brief background on your target application and organization, and if available, any code written or security audits engaged thus far.

Response may take up to a week. For emergency response or audits, please include "Emergency" in the Subject line.
