AI-Assisted Security Audit

Multi-Domain Security. Delivered in 72h.

Q: How do I start?

DM @Innora_sg on X or email security@innora.ai with your target description and scope. We confirm the timeline and price within a few hours.

Web3 smart contracts, IoT firmware, automotive ECU systems, and mobile APK — all covered by a researcher with 31+ CVEs across APAC's most critical infrastructure.

Singapore-based. Flat fee. Pay after delivery. AI-assisted pipeline with human expert review.

DM @Innora_sg to Start [email protected]

Feng NingSecurity Researcher & Founder, Innora.ai

Independent security researcher with 31+ CVEs across automotive, Web3, and AI systems. Author of the Hyperlane ISM analysis, ERC-4337 paymaster drain research, and the Kelp DAO LayerZero forensic report.

@Innora_sg sgInnora [email protected]

24 – 72h

Turnaround

$3K – $10K

Price range

After delivery

Payment

Always included

Critical PoC

What you receive

Every engagement includes the same deliverables.

PDF Report

Severity-ranked findings with root cause analysis and remediation steps.

Foundry PoC

Runnable exploit for every Critical and High — you can verify it yourself.

Fix Verification

One round of re-review after you patch. We confirm the fix holds.

24–72h Turnaround

Scope confirmed on day 0. Report delivered within agreed window.

Pricing

Scope confirmed before work begins — no surprise overruns.

≤ 500 LOC

Focused Review

$3,000

Delivered in 24h · Pay after

Single contract or module
PDF report
Foundry PoC (Critical/High)
Fix verification round

Start with DM

Most Common

500 – 2,000 LOC

Protocol Audit

$5,000 – $7,000

Delivered in 48h · Pay after

Multi-contract system
Full PDF report
PoC for all Critical/High/Medium
Fix verification + re-review
Architecture commentary

Start with DM

2,000 – 5,000 LOC

Full System

$8,000 – $10,000

Delivered in 72h · Pay after

Full protocol coverage
Threat model document
PoC for all findings
Two fix-verification rounds
Architecture commentary
Post-fix memo

Start with DM

Scope coverage

Attack classes that have caused real on-chain losses.

Reentrancy & cross-function reentrancy
Access control & privilege escalation
Flash loan & economic attack vectors
Oracle manipulation & price staleness
Signature replay & permit abuse
ERC-4337 paymaster / UserOp logic
Integer overflow / precision loss
Unsafe external calls & callback hooks

Past findings

Representative examples from previous work.

Kelp DAOLayerZero BridgeCritical

Impact: $292M at risk

Cross-chain rsETH bridge exploit via LayerZero message manipulation.

Read full analysis →

HyperlaneISM ReplayCritical

Impact: $2.5M

Validator set manipulation via replayed attestations bypassed message security.

Read full analysis →

ERC-4337Paymaster DrainHigh

Impact: $400K+

postOp validation gap allows fee extraction without token transfer.

Read full analysis →

CUDA BIP39Entropy CorruptionCritical

Impact: N/A

Negative-shift wrap-around silently corrupts 93.75% of key search space.

Read full analysis →

How it works

Submit scope

DM @Innora_sg or email with your target and scope description. We reply with a price and timeline within a few hours.

Review begins

Once scope is agreed, we start immediately using our AI-assisted pipeline. No upfront payment required.

Report + PoCs

You receive the full report and runnable exploits or PoCs for all Critical and High findings within the agreed window.

Pay after review

Payment is due within 48h of delivery — USDC or wire. One fix-verification round is included.

FAQ

Do I pay before or after?

After. We deliver the report and PoCs first. Payment is due within 48h of delivery via USDC or wire transfer.

What if you find nothing?

You still receive a written scope-coverage report documenting what was reviewed and how. No charge reduction — if we find nothing, it means nothing exploitable was found under the agreed scope.

Do you cover both Web3 and hardware/firmware targets?

Yes. Our team operates across Web3 smart contracts, IoT/embedded firmware, automotive ECUs (ISO 21434), and Android APK. Each domain has a dedicated methodology and AI-assisted toolchain.

How do I start?

DM @Innora_sg on X or email [email protected] with your target description and scope. We confirm the timeline and price within a few hours.

Do you sign NDAs?

Yes. We sign mutual NDAs on request before reviewing any private repository or firmware image.

Singapore · APAC Security Hub

Ready to secure your project?

Web3, IoT, Automotive, or Mobile — DM or email with your scope. We confirm price within a few hours. Work starts immediately.

DM @Innora_sg Read our research

@Innora_sg · [email protected] · innora.ai/audit

What you receive

Every engagement includes the same deliverables.

PDF Report

Severity-ranked findings with root cause analysis and remediation steps.

Foundry PoC

Runnable exploit for every Critical and High — you can verify it yourself.

Fix Verification

One round of re-review after you patch. We confirm the fix holds.

24–72h Turnaround

Scope confirmed on day 0. Report delivered within agreed window.

Pricing

Scope confirmed before work begins — no surprise overruns.

≤ 500 LOC

Focused Review

$3,000

Delivered in 24h · Pay after

Single contract or module
PDF report
Foundry PoC (Critical/High)
Fix verification round

Start with DM

Most Common

500 – 2,000 LOC

Protocol Audit

$5,000 – $7,000

Delivered in 48h · Pay after

Multi-contract system
Full PDF report
PoC for all Critical/High/Medium
Fix verification + re-review
Architecture commentary

Start with DM

2,000 – 5,000 LOC

Full System

$8,000 – $10,000

Delivered in 72h · Pay after

Full protocol coverage
Threat model document
PoC for all findings
Two fix-verification rounds
Architecture commentary
Post-fix memo

Start with DM

Scope coverage

Attack classes that have caused real on-chain losses.

Reentrancy & cross-function reentrancy

Access control & privilege escalation

Flash loan & economic attack vectors

Oracle manipulation & price staleness

Signature replay & permit abuse

ERC-4337 paymaster / UserOp logic

Integer overflow / precision loss

Unsafe external calls & callback hooks

Past findings

Representative examples from previous work.

Kelp DAOLayerZero BridgeCritical

Impact: $292M at risk

Cross-chain rsETH bridge exploit via LayerZero message manipulation.

Read full analysis →

HyperlaneISM ReplayCritical

Impact: $2.5M

Validator set manipulation via replayed attestations bypassed message security.

Read full analysis →

ERC-4337Paymaster DrainHigh

Impact: $400K+

postOp validation gap allows fee extraction without token transfer.

Read full analysis →

CUDA BIP39Entropy CorruptionCritical

Impact: N/A

Negative-shift wrap-around silently corrupts 93.75% of key search space.

Read full analysis →

How it works

Submit scope

DM @Innora_sg or email with your target and scope description. We reply with a price and timeline within a few hours.

Review begins

Once scope is agreed, we start immediately using our AI-assisted pipeline. No upfront payment required.

Report + PoCs

You receive the full report and runnable exploits or PoCs for all Critical and High findings within the agreed window.

Pay after review

Payment is due within 48h of delivery — USDC or wire. One fix-verification round is included.

FAQ

Do I pay before or after?

After. We deliver the report and PoCs first. Payment is due within 48h of delivery via USDC or wire transfer.

What if you find nothing?

You still receive a written scope-coverage report documenting what was reviewed and how. No charge reduction — if we find nothing, it means nothing exploitable was found under the agreed scope.

Do you cover both Web3 and hardware/firmware targets?

Yes. Our team operates across Web3 smart contracts, IoT/embedded firmware, automotive ECUs (ISO 21434), and Android APK. Each domain has a dedicated methodology and AI-assisted toolchain.

How do I start?

DM @Innora_sg on X or email [email protected] with your target description and scope. We confirm the timeline and price within a few hours.

Do you sign NDAs?

Yes. We sign mutual NDAs on request before reviewing any private repository or firmware image.