We audit the math, not just the code.

Smart contract security for DeFi math primitives — AMM, bonding curves, lending protocols, and CDP systems.

Vulnerabilities in DeFi don't always look like bugs. They look like rounding errors, broken invariants, and edge cases at the boundary of the protocol's own mathematics.

Domain: DeFi math primitives
Method: First-principles review
Response: ≤ 24 hours

Most audits check code against a list. We check code against its own logic.

Pattern-matching audits compare your code to a library of known bugs¹. If the vulnerability fits a known pattern, they catch it. If it doesn't, they miss it. Novel bugs, composition-layer vulnerabilities, and edge cases at mathematical boundaries all fall through.

DeFi protocols are built on mathematical invariants — properties that must hold true across every state transition. A rounding error in a lending protocol's interest calculation or an edge case in an AMM's bonding curve math can drain millions. These bugs don't match patterns. They violate invariants.

¹ Static analyzers, signature-based scanners, and rule-driven linters.

Three questions. Every function. Every path.

Our audit process starts from first principles, not from a checklist. For every state-changing function, we ask three questions:

If the invariant holds before a transaction, it must still hold after.

  1. Step i. Definition (Identify): What invariant must hold?

    We define the mathematical properties the protocol depends on — the equations, bounds, and relationships that must remain true for the system to be solvent and fair.

  2. Step ii. Theorem (Analyze): Does this state transition preserve it?

    We trace every code path that modifies state and verify it maintains the invariant. Rounding direction, precision loss, boundary conditions, and ordering dependencies are all examined.

  3. Step iii. Counter-example (Break): What inputs or call sequences could violate it?

    We construct concrete attack scenarios — specific parameter values, transaction orderings, and multi-step exploit paths that would break the invariant.
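
The three steps applied to a toy case, as an added example that is not from the original page or the firm's own tooling: a fee-less constant-product pool in integer arithmetic, where the function names, the `round_up` switch and the search bounds are assumptions made for illustration. Rounding the output down preserves the invariant on every small state; rounding it up does not, and the search returns the first state that shows it.

```python
from itertools import product


def amount_out(x, y, dx, round_up=False):
    """Token Y paid out for dx of token X on a fee-less x*y=k pool (integers only)."""
    num, den = y * dx, x + dx
    # Floor division favours the pool; ceiling division favours the trader.
    return -(-num // den) if round_up else num // den


def swap(x, y, dx, round_up=False):
    """State transition: returns the reserves after the swap."""
    dy = amount_out(x, y, dx, round_up)
    return x + dx, y - dy


def invariant_holds(before, after):
    # Step i: the product of reserves must never decrease across a swap.
    return after[0] * after[1] >= before[0] * before[1]


def find_counterexample(round_up, max_reserve=50, max_in=50):
    """Step iii: exhaustive search of small states for an input that breaks the invariant.

    Step ii is the argument this search checks: with floor rounding,
    dy <= y*dx/(x+dx), so (x+dx)*(y-dy) >= x*y. With ceiling rounding the
    inequality flips whenever the division is inexact.
    """
    reserves = range(1, max_reserve + 1)
    for x, y, dx in product(reserves, reserves, range(1, max_in + 1)):
        if not invariant_holds((x, y), swap(x, y, dx, round_up)):
            return x, y, dx
    return None


if __name__ == "__main__":
    print("round down:", find_counterexample(round_up=False))
    print("round up:  ", find_counterexample(round_up=True))
```
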

Tell us about your project

Interested in an audit? Reach out with a brief description of your protocol, the codebase scope, and your timeline. We'll respond within 24 hours.

Response time: ≤ 24 hours
Engagement: Security Review