Solana Projects › Pashov Audit Group

Pashov Audit Group

World Class Smart Contract Security Audits

Programs · 24h on-chain

On-chain activity

All programs →

Security Auditing

Pashov Audit Group provides smart contract security audits that identify vulnerabilities through manual code reviews. The service examines all aspects of contract implementations including access controls, input validation, business logic, and economic models.

Visit
About

Pashov Audit Group

Pashov Audit Group is a smart contract security firm that assigns dedicated teams of four senior researchers to each audit engagement, covering EVM chains, Solana, Move, and Cairo — with a portfolio of over 400 audits and clients that include Aave, Uniswap, Jupiter, and Pump.fun.

The Problem It Solves

Smart contract vulnerabilities have cost DeFi protocols billions of dollars, and the audit market presents a consistent trade-off: boutique solo reviewers offer depth but limited bandwidth, while large firms can dilute attention across their pools. Pashov Audit Group targets the gap between them. Every engagement is staffed with exactly four dedicated senior security researchers, all of whom have proven track records from competitive audit contests on Code4rena, Sherlock, or Cantina. The fixed team structure ensures focused attention without the variability of solo scheduling, and the contest-vetting process serves as an external benchmark for researcher quality.

Founding and Background

The firm traces to Krum Pashov, a Bulgarian security researcher who entered the field in June 2022 by competing on Code4rena. After winning the VTVL auditing contest and scaling a solo private practice to roughly $40,000 per month in engagements by early 2023, Pashov converted that pipeline into a collective. The formal group launched in 2024, bringing together a network of over 50 researchers under a shared brand and a standardized review process. Pashov has spoken publicly about methodology: line-by-line code reading, intensive documentation study, and a deliberate position against AI-assisted tooling, which he regards as insufficiently precise for production-grade security work. The firm is based in Sofia, Bulgaria.

How Audits Work

Each engagement receives four dedicated senior auditors who review the codebase in parallel before consolidating findings. This approach is designed so that edge-case vulnerabilities that one reviewer might normalize receive independent confirmation before being downgraded. A focused review of a single contract typically takes three to five days; a comprehensive audit of a complex, multi-contract protocol runs two to four weeks. Audit start is available immediately upon engagement.

The firm publishes its internal methodology playbooks openly in the pashov/skills GitHub repository. Completed audit reports are catalogued in the pashov/audits repository, which has accumulated over 1,300 GitHub stars and serves as a public, searchable record of the firm's work.

Key Features

  • Fixed team of four senior researchers per engagement (all security contest champions)
  • Immediate audit start availability
  • Multi-chain coverage: Solidity across all major EVMs, Rust and Anchor for Solana, Move, Vyper, and Cairo
  • Public audit report archive on GitHub
  • Published methodology playbooks

Portfolio and Clients

As of 2025, Pashov Audit Group has completed over 400 audits, identified more than 4,000 vulnerabilities, and contributed to securing an aggregate of $100 billion or more in total value locked. The client list covers some of the largest protocols in DeFi: Aave ($72 billion in TVL), Uniswap (over $3 trillion in all-time trading volume), PancakeSwap, SushiSwap, Ethena, LayerZero, Pendle, EtherFi, 1inch, Polymarket, and Pump.fun. In mid-2024, the firm reported completing nearly 90 audits in that year alone.

Solana Ecosystem Presence

Pashov Audit Group handles Solana and SVM audits alongside its EVM work, a capability that matters because EVM-specialized auditors often lack the Rust and Anchor expertise required to catch Solana-specific vulnerability classes — such as account validation failures, program-derived address misuse, or cross-program invocation edge cases.

The public audit archive includes several Solana-native engagements. Pump.fun, the Solana token launch platform that became one of the most-used protocols on the network, received a Pashov review. Jupiter and Meteora, two of Solana's leading DEX aggregator and liquidity infrastructure protocols, are also among the firm's clients. In 2025, the portfolio expanded further with a Rust-based audit of the Desci Launchpad (February 2025) and a review of Gatekeeper, a Solana program related to sandwich validator control (June 2025).

This multi-chain positioning makes Pashov Audit Group relevant to Solana protocols that also deploy cross-chain bridge logic, have EVM counterparts, or operate in ecosystems where a security firm's track record across both environments matters to token holders and institutional partners.

Transparency and Track Record

Pashov Audit Group has no disclosed security incident on its own infrastructure. The GitHub-based report archive functions as an auditable public trail: each completed report is logged with client name, protocol type, and audit date, with a publicly accessible PDF where clients have consented to disclosure. The repository's star count and the caliber of clients listed serve as external signals of the firm's standing in the security community.

Contents

Note: inclusion in Solana Compass directory does not indicate a recommendation or endorsement of this project, its token(s) or its products. Data sourced with thanks from The Grid to aid in building these pages.

Reviews

0.0
0 reviews
Please login to write a review.
Solana tokens

Solana Token Markets

Explore all tokens →