How Cantina Audits Work
Cantina security audits are structured, expert-led reviews of your codebase conducted by vetted security researchers from the Spearbit network.
Audit Formats
| Format | Best For | How It Works |
|---|---|---|
| Competitive Audit | Maximum coverage | Multiple independent researchers audit simultaneously; findings ranked by severity and rewarded from a shared prize pool |
| Private Audit | Sensitive codebases, tight timelines | Dedicated team of matched researchers works exclusively on your code |
The Audit Process
Step 1 — Scoping
Define code in scope, nLoC, format, and timeline. Start here.
Step 2 — Researcher Matching
Cantina matches researchers to your stack (Solidity, Rust, Go, Python, Web2 frameworks).
Step 3 — Review Period
Researchers audit via Cantina Code, submitting findings with write-ups and PoCs.
Step 4 — Judging
Findings are severity-classified, deduplicated, and researchers may escalate disputes.
Step 5 — Remediation
Your team fixes findings and marks them Fixed, Acknowledged, or Disputed in Cantina Code.
Step 6 — Final Report
You receive a signed report: executive summary, all findings by severity, and researcher attestations.
Severity Levels
| Severity | Description | Example |
|---|---|---|
| Critical | Immediate risk of fund loss | Unchecked reentrancy |
| High | Significant impact with conditions | Access control bypass |
| Medium | Moderate impact | Incorrect accounting logic |
| Low | Minor / best-practice violations | Unlocked pragma |
| Informational | No security impact | Gas optimization |
Frequently Asked Questions
What is the difference between a competitive and private audit?
A competitive audit opens your codebase to multiple independent researchers simultaneously for maximum coverage. A private audit assigns a dedicated, curated team — better for sensitive code or tight confidentiality requirements.
How long does a Cantina audit take?
Most competitive audits run 1–4 weeks. Private audits can be scoped shorter. Judging and report delivery add 1–2 weeks post-review.
How much does a Cantina audit cost?
Pricing depends on codebase size, format, and timeline. Contact Cantina for a scoping estimate.
What deliverables does my organization receive?
A final audit report with all findings by severity, recommended remediations, and researcher attestations.
Can we request a re-review after fixing findings?
Yes, for private audit engagements. Reach out to support@cantina.xyz.
Ready to Start?
Request an Audit →
Maintained by the Cantina Security Team · Last reviewed: March 2026 · support@cantina.xyz