How much does a smart contract audit cost?

Direct answer

A smart contract audit costs, on the global market (prices quoted in USD, the Web3 industry standard), from US$ 5,000 to US$ 250,000 per engagement — most DeFi protocols land between US$ 25,000 and US$ 100,000. The price is driven mainly by code size (nSLOC, non-comment source lines of code), logic complexity and the depth of the methods used (manual review + formal verification + fuzzing + post-fix retest). A simple ERC-20 runs US$ 5,000–20,000; a mid-complexity DeFi, US$ 40,000–100,000; multi-chain enterprise, US$ 150,000+. There's no single number: the final figure only comes after the vendor reads the repository at the commit that goes to production. Rule of thumb: size the budget by the value the contract will custody (TVL), not by the lowest price — a cheap, shallow audit can cost the entire protocol, since a single exploit drains the whole on-chain balance at once, with no reversal.

In short

  • There's no list price: cost is driven by code size (nSLOC), logic complexity, language/chain, depth of analysis (manual + formal + fuzzing), post-fix retest, urgency and the auditor's reputation — request a quote on the exact commit that goes to production.
  • Market ranges (USD, Web3 standard): simple ERC-20/NFT US$ 5–20K; mid DeFi US$ 40–100K; complex/multi-chain protocol US$ 150K+. Post-fix retest: US$ 5–20K per round; urgency adds 20–40%.
  • Language matters to the price due to auditor scarcity: Rust/Solana typically charge 25–40% more than Solidity; Cairo and Move, 30–45%; ZK circuits, 80–120% above the EVM baseline.
  • A cheap audit is the most expensive one there is: in the 2025 edition of the OWASP Smart Contract Top 10, access control (SC01) alone accounted for ~US$ 953 million in losses (from 2024 incident data); an exploit drains the entire TVL in one transaction, with no chance of reversal.
  • A good report delivers: a scope with the commit hash, severity by impact/likelihood (in the spirit of CVSS), a proof of concept (PoC) for each flaw, mapping to the OWASP Smart Contract Top 10, a remediation recommendation and — critically — the retest letter confirming what was fixed.
  • Don't confuse an audit with an exchange/custody pentest: the audit reviews the on-chain code; the offensive pentest tests the infrastructure, keys and off-chain operation — and in 2025 much of the biggest losses came precisely from off-chain (the Bybit hack, US$ 1.5B, was an operational compromise, not a contract bug).

What you're buying (and why that defines the price)

Before discussing numbers, it's worth aligning on what a smart contract audit is. It's not a five-minute automated scan, nor a badge. It's a security review conducted by human experts over the code that will run immutably on the blockchain, controlling real money. The deliverable is a report that lists each vulnerability found, its severity, how to exploit it (proof of concept) and how to fix it — followed by a retest that confirms whether the fixes worked. The price varies so much because what you buy varies so much: reviewing a 200-line ERC-20 token is fundamentally different from auditing a lending protocol with oracles, governance and cross-chain bridges.

The reason smart contracts justify an expensive, dedicated audit is their most dangerous trait: immutability and direct custody of funds. An ordinary web application with a bug can be fixed with a rushed deploy; a smart contract, once published, often cannot be changed — and it holds users' money directly, with no intermediary bank, no chargeback, no support to reverse it. When someone exploits the flaw, the balance leaves the contract's wallet in a single transaction and lands in an attacker's address, usually never to return. There's no 'call the bank and cancel'.

This changes the economics of the buying decision. In traditional application security, you weigh the cost of testing against the likelihood and impact of an incident. In Web3, the impact of a single critical bug is frequently 100% of the TVL (Total Value Locked, the total value locked in the contract). If your protocol will custody US$ 10 million, saving US$ 30K on a shallow audit only to lose the US$ 10 million later is not a saving — it's the worst possible allocation of capital. The price of the audit should be read as a fraction of what it protects, not as a standalone IT expense.

The factors that determine the price, one by one

The first and most important factor is code size, measured in nSLOC (non-comment source lines of code). Almost every auditor and platform prices by nSLOC, because it approximates human reading time. Market benchmarks map size to schedule almost linearly: about 500 nSLOC consume ~3 days of auditing; 3,000 nSLOC, ~18 days; 6,000 nSLOC, ~38 days. Since the cost is mostly expert-hours, the price scales along with it. That's why the first honest question from any serious vendor is 'how many nSLOC are in scope?' — and why you should send the repository (or the exact commit hash) to get a real quote, not a guess.

The second factor is logic complexity, which isn't captured by line count alone. A thousand lines of a standard token are trivial; a thousand lines of an AMM with curve math, rebasing and hooks are a nightmare. Sophisticated business logic — collateralized lending, price oracles, governance, staking, cross-chain bridges, upgradeable proxy contracts — multiplies the number of possible states and inter-contract interactions, which is exactly where the most expensive flaws live. In the 2025 edition of the OWASP Smart Contract Top 10, price oracle manipulation (SC02) and business logic errors (SC03) appear at the top precisely because these flaws pass correct low-level checks and still allow value extraction.

The third factor is language and chain. Solidity (EVM) is the baseline because it has the largest pool of auditors. Anything outside it charges a scarcity premium: Rust/Solana typically costs 25–40% more; Cairo (StarkNet) and Move (Sui/Aptos), 30–45% more; and zero-knowledge (ZK) circuits reach 80–120% above the EVM baseline, because they require auditors who understand advanced cryptography on top of programming. Treat these premiums as orders of magnitude, not a price list: the real multiplier depends on the firm and the supply of specialists at that moment. The fourth factor is the depth of the methods: a manual-only review is cheaper and shallower; adding formal verification (mathematically proving properties of the contract), fuzzing (bombarding the code with random inputs to find broken states) and invariant testing raises the cost, but it's what separates an off-the-shelf audit from one worthy of a protocol holding millions.

The fifth factor is the post-fix retest (re-audit), which many people forget to budget for and which typically costs US$ 5,000–20,000 per round. It's not optional: fixing one bug can introduce another, and without the retest you're deploying code no one validated after the last change. The sixth is urgency — asking for results in one week instead of four typically adds 20–40% to the price, because it forces the vendor to reshuffle the team. And the seventh is the auditor's reputation and track record: firms and researchers with a proven record, with real documented vulnerabilities and their name on the line, charge more — and deliver a level of rigor (and credibility before investors and users) that justifies the difference.

Threat Management · Free

Launching or already operating a protocol, exchange or on-chain treasury? Decripte covers the entire Web3 security cycle: smart contract audit of the on-chain code at /plano/web3-security, offensive testing of infrastructure, keys and off-chain custody at /plano/seguranca-ofensiva, and continuous monitoring of threats and credential exposure at the /intelligence-center. Send the commit hash of what goes to production and get a real quote — sized to your nSLOC and your TVL, not a blind number.

No card, no commitment. Find out in minutes what has already leaked from your company and what your real risk is.

Real price ranges by complexity and scope

The reference table gives honest market ranges, in dollars — the standard quoting currency in the Web3 sector, even for Brazilian projects, because the auditor pool is global and elite teams charge in USD. Treat these values as starting points for sizing your budget, not as a fixed table: the final price always depends on the exact scope (nSLOC, language, depth, timeline). A firm number only comes after the vendor reads the repository at the commit that goes to production. Be wary of any 'blind' quote that arrives before that — a price given without seeing the code is marketing, not a quote.

Note that most mid-complexity DeFi protocols — the most common case for anyone reading this — land between US$ 25,000 and US$ 100,000 for the initial audit, and a prudent reserve for 2026 is to set aside US$ 60,000–120,000 including at least one retest round. When the budget is tight, the classic mistake is to cut depth (dropping fuzzing and formal verification) or skip the retest. Both cuts attack exactly the steps that catch the most expensive bugs. If the budget can't support the audit your TVL demands, the right answer is rarely a worse audit — it's to reduce the surface (launch with limited TVL, with a timelock and circuit breakers) until you can afford the review it deserves.

It's also worth distinguishing an 'audit' from a 'pre-audit' or 'quick review'. A pre-audit of a 500-line contract can run US$ 1,500–3,000 and serves to catch the obvious before the real audit — but it doesn't replace a full audit, and presenting it as such to investors or users is, at best, misleading. Bug bounty programs (rewards for flaws found by the community) and contest-format audits are valid complements after launch, not substitutes for the initial audit targeted at your code before the deploy.

Why the cheap audit is the most expensive one there is

The temptation to take the lowest quote is understandable, and it's almost always a miscalculation. The industry data makes this brutally clear. According to Chainalysis, crypto asset theft totaled about US$ 2.2 billion in 2024 and surpassed US$ 3.4 billion in 2025 — an all-time record. At the code-flaw level, the 2025 edition of the OWASP Smart Contract Top 10 (compiled from incidents documented in 2024) shows that the access control category (SC01) alone accounted for approximately US$ 953 million in losses; business logic errors, ~US$ 63.8 million; reentrancy, ~US$ 35.7 million; flash loan attacks, ~US$ 33.8 million. These are exactly the classes of bug a deep audit finds and a shallow one lets through.

The asymmetry is the central point. An access control flaw — a privileged function anyone can call, a misconfigured proxy, an initializer that can be re-executed — doesn't cause a loss proportional to the bug. It causes 100% of the contract. The attacker doesn't 'scratch' the protocol; they empty it. And because the transaction is on-chain, final and irreversible, there's no incident SLA, no backup restoration, no negotiating with the card processor. The money is gone and, according to Chainalysis, flows immediately to laundering through other DeFi protocols — which were the fastest-growing laundering entry route (+370%) in the first days after the period's major thefts.

There's also the cost that doesn't show up on the balance sheet: trust. A protocol that suffers an exploit loses not just the TVL of that moment, but the credibility that sustained future TVL. Users leave, partners pull back, listings stall, and the team spends months on the post-mortem, crisis communication and, often, attempts to reimburse out of its own pocket. Add it all up and the 'saving' of US$ 50K on an adequate audit becomes a seven- or eight-figure loss. The honest reading is simple: the price of the right audit is always a fraction of the price of not having done the right audit.

Threat Management · Free

No card, no commitment — understand your real risk before you invest.

No card, no commitment. Find out in minutes what has already leaked from your company and what your real risk is.

What a good audit report delivers

Knowing what a good report contains is your best defense against paying a lot for little. First, an explicit and verifiable scope: which files and which commit hash were audited. This seems obvious, but it's where weak vendors slip — they audit one commit and the team deploys another. The report needs to pin down exactly what was looked at, so no one can claim coverage that never existed.

Second, each finding should carry a classified severity (critical/high/medium/low/informational, ideally anchored in impact and likelihood, in the spirit of CVSS), a precise technical description, a proof of concept (PoC) demonstrating the exploitation — not just 'this looks risky', but the step-by-step that drains the funds — and an actionable remediation recommendation. A good report also maps findings to a recognized reference, such as the OWASP Smart Contract Top 10. In the 2025 edition, the order is SC01 access control, SC02 price oracle manipulation, SC03 logic errors, SC04 lack of input validation, SC05 reentrancy, SC06 unchecked external calls, SC07 flash loans, SC08 integer overflow/underflow, SC09 insecure randomness and SC10 denial of service — this mapping lets any third party audit the audit.

Third, and most important for the buying decision: the retest (re-audit) letter. A report that lists 12 issues and ends there is only half done. The complete deliverable includes a second round, after your team has fixed things, confirming finding by finding what was remediated, what was partially mitigated and what the team decided to accept as residual risk (with justification). It's this final letter, not the initial report, that you show investors, partners and users. Without it, you have a diagnosis — not a guarantee the patient was treated.

Finally, transparency and verifiable reputation. Good auditors publish prior reports, have real vulnerabilities documented in their name and are willing for the final report to be public. Be wary of vendors that offer a 'badge' without a report, that refuse to disclose the scope, or that promise 'guaranteed approval' — a serious audit doesn't promise approval, it promises rigor; and a report that finds nothing in a complex protocol is, in itself, cause for suspicion, not celebration.

How to hire well: sizing and comparing vendors

Start by sizing your own scope before requesting a quote, so you can talk as an equal. Count the nSLOC of what actually goes to production (tools like solidity-metrics or cloc handle this), list the language/chain, identify whether there's high-risk logic (oracles, governance, bridges, upgradeable proxies) and estimate the target TVL. These four numbers — size, language, complexity and value protected — define most of the price and let you compare proposals on the same basis, instead of comparing apples to oranges.

When comparing vendors, always ask for: two or three prior reports of complexity similar to yours; the explicit methodology (manual only? manual + fuzzing + formal verification?); who exactly will audit (the senior who sold it or a junior no one has seen?); the realistic timeline; and whether the retest is included or charged separately. An honest differentiator: ask about real critical findings they've uncovered in past audits. Those with a track record answer with concrete examples; those selling a badge deflect. Quotes well below the market range for your nSLOC aren't a bargain — they're a sign of insufficient depth or opaque subcontracting.

Finally, fit the audit into the right security cycle, because it alone doesn't cover everything. A smart contract audit looks at the on-chain code — but, as Chainalysis's own data shows, much of the biggest losses of 2025 came from outside the contract: private key compromise, multisig hijacking, supply chain attacks, operator phishing and drainer malware. The largest theft in history to date, Bybit's (US$ 1.5 billion, in February 2025), was not a smart contract bug — it was a compromise of the operational signing process. That's why Decripte treats Web3 security as a whole. For the on-chain code, the front is the smart contract audit at /plano/web3-security. For the infrastructure, custody, key management and the operation of the exchange or treasury, offensive testing comes in at /plano/seguranca-ofensiva, which attacks precisely the off-chain vectors that a code audit can't see. And for continuous monitoring of threats, credential exposure and suspicious activity tied to your protocol, team and on-chain addresses, the /intelligence-center closes the loop between the audited deploy and day-to-day operations.

Smart contract audit price ranges by size and scope (USD, 2025–2026)

Project typePrice range (initial audit)What it usually includesMain cost driver
Pre-audit / quick review (~500 lines)US$ 1,500–3,000Scan for the obvious; does NOT replace a full auditShort time; shallow by definition
Simple ERC-20 / NFTUS$ 5,000–20,000Manual review of standard code, few statesSmall nSLOC; trivial logic
Mid-complexity DeFiUS$ 40,000–100,000Manual + fuzzing; oracles, staking, governanceLogic complexity and inter-contract interactions
Complex / multi-chain / enterprise protocolUS$ 150,000+Manual + fuzzing + formal verification; bridges, proxiesSize + complexity + depth required
Non-EVM language (Rust/Solana, Cairo, Move, ZK)+25% to +120% over the EVM baselineSame scope, scarce specialistsAuditor scarcity in the language/chain
Post-fix retest (re-audit)US$ 5,000–20,000 per roundFinding-by-finding confirmation of the fixesMandatory; often charged separately
Urgency (tight timeline)+20% to +40% over the baseTeam reshuffling for fast deliveryPriority over other engagements

Key terms

nSLOC (non-comment source lines of code)
Source code lines excluding comments and blank lines. It's the standard pricing unit for audits, because it approximates the human time to read the code. Market benchmark: ~500 nSLOC ≈ 3 days of auditing; ~3,000 nSLOC ≈ 18 days; ~6,000 nSLOC ≈ 38 days.
TVL (Total Value Locked)
The total value locked/custodied by a smart contract or protocol. It's the metric that should anchor the audit budget: the impact of a single critical bug is usually 100% of the TVL, so the price of the review should be read as a fraction of what it protects.
Post-fix retest (re-audit)
A second review round done after the team has fixed the findings, confirming, item by item, what was remediated, partially mitigated or accepted as residual risk. It typically costs US$ 5,000–20,000 per round. It's the final letter you show investors and users — without it you have a diagnosis, not a guarantee of treatment.
Proof of concept (PoC)
An executable demonstration of how a vulnerability is exploited — the step-by-step that actually drains or manipulates the funds, not just the observation that it 'looks risky'. A finding without a PoC is a suspicion; with a PoC, it's a proven flaw.
OWASP Smart Contract Top 10
A public reference of the ten most critical classes of flaw in smart contracts. In the 2025 edition: SC01 access control, SC02 price oracle manipulation, SC03 logic errors, SC04 lack of input validation, SC05 reentrancy, SC06 unchecked external calls, SC07 flash loans, SC08 overflow/underflow, SC09 insecure randomness and SC10 denial of service. A good report maps each finding to these categories.
Formal verification
A method that mathematically proves the contract satisfies defined properties (e.g., 'the total balance can never decrease without an authorized withdrawal'). It raises the audit cost, but it's what catches classes of bug that tests and manual review let through.
Fuzzing / invariant testing
A technique that bombards the contract with thousands of random inputs and sequences to find states that violate invariants (rules that should always hold). It complements manual review and is decisive in complex financial logic, such as AMMs and lending protocols.

How to decide and hire well

  1. Size the scope before quoting: count the nSLOC of what goes to production (solidity-metrics or cloc), note the language/chain, flag high-risk logic (oracles, governance, bridges, proxies) and estimate the target TVL.
  2. Use market ranges to calibrate expectations, not to lock in a price: simple ERC-20 US$ 5–20K, mid DeFi US$ 40–100K, complex/multi-chain US$ 150K+ — and reserve US$ 5–20K per retest round.
  3. Always send the repository at the exact commit hash that will go to production and refuse 'blind' quotes given without seeing the code.
  4. Ask each vendor for: 2–3 prior reports of similar complexity, the explicit methodology (manual + fuzzing + formal verification?), who exactly will audit and real critical findings they've already uncovered.
  5. Confirm in writing whether the post-fix retest is included or charged separately — and never deploy without the retest letter validating the fixes.
  6. Compare proposals on the same basis (nSLOC, language, depth, timeline) and be wary of quotes well below the range for your size: they usually mean insufficient depth or opaque subcontracting.
  7. If the budget doesn't cover the audit your TVL demands, reduce the surface (limited TVL, timelock, circuit breakers) instead of buying a shallower audit.
  8. Treat the on-chain audit (/plano/web3-security) as one front of a whole: also contract offensive testing (/plano/seguranca-ofensiva) for keys, custody and off-chain operations, and continuous monitoring (/intelligence-center) for threats and credential exposure.

Frequently asked questions

On average, how much does it cost to audit a smart contract?

There's no single useful average — it depends on code size (nSLOC), language, complexity and depth. The market ranges (in USD, Web3 standard): simple ERC-20/NFT US$ 5,000–20,000; mid-complexity DeFi US$ 40,000–100,000; complex or multi-chain protocol US$ 150,000+. Most DeFi projects land between US$ 25,000 and US$ 100,000 for the initial audit. The firm number only comes after the vendor reads the repository at the commit that goes to production.

Why do they charge in dollars, even for Brazilian projects?

Because the Web3 audit market is global and elite teams — researchers, firms and audit platforms — quote and charge in USD. The cost is mostly hours of scarce specialists, and those specialists aren't tied to any one country. For a Brazilian project, this means budgeting in dollars and factoring the exchange rate into planning, not expecting a cheaper 'price list in reais'.

What makes the price rise so much between a simple token and a DeFi protocol?

Three things, mainly: size (nSLOC), logic complexity and the depth required. A standard ERC-20 has few possible states; a protocol with oracles, governance, staking and cross-chain bridges multiplies the states and inter-contract interactions — which is where the most expensive flaws live (oracle manipulation and business logic errors). Complex logic also demands fuzzing, invariant testing and, sometimes, formal verification, which raise the cost but catch the bugs manual review lets through.

Is the post-fix retest always included in the price?

No — and that's one of the most common traps. Many vendors quote only the initial audit and charge the retest separately, typically US$ 5,000–20,000 per round. The retest isn't optional: fixing one bug can introduce another, and without the second round you deploy code no one validated after the last change. Confirm in writing before signing whether the re-audit is included.

Is a smart contract audit the same as an exchange or custody pentest?

No, and confusing the two is dangerous. The audit reviews the on-chain code that runs on the blockchain. The offensive pentest tests the off-chain infrastructure: servers, APIs, private key management, multisig, operational processes and people. In 2025, much of the biggest losses came from off-chain — the Bybit theft (US$ 1.5 billion) was a compromise of the signing process, not a contract bug. A serious protocol runs both fronts: the audit at /plano/web3-security and offensive testing at /plano/seguranca-ofensiva.

Doesn't a cheap audit do the job? Why pay more?

Because in Web3 the economics are asymmetric: a single critical bug usually costs 100% of the TVL, and the on-chain transaction is final and irreversible — no reversal, backup or negotiation with a bank. In the 2025 edition of the OWASP Smart Contract Top 10 (from 2024 incident data), the access control category alone accounted for ~US$ 953 million in losses. Saving US$ 30–50K by cutting depth or the retest only to lose millions later is the worst possible allocation of capital. The price of the right audit is always a fraction of the loss of not having done it.

And the LGPD? Does a smart contract audit cover my regulatory exposure in Brazil?

Not directly. A smart contract audit is about the on-chain code and its financial/exploit risk, not about personal data protection. The LGPD deals with personal data and its sanctions are applied by the ANPD: under art. 52, the simple fine is up to 2% of the company's revenue in Brazil (excluding taxes), capped at R$ 50 million per violation. If your project collects user data (KYC, emails, wallets tied to identity), that exposure is handled through governance and privacy fronts, separate from the contract audit.

How do I know if a vendor is good before hiring?

Ask for prior reports of complexity similar to yours, the explicit methodology (manual + fuzzing + formal verification), who exactly will audit (senior or junior), the realistic timeline and whether the retest is included. Ask about real critical findings they've already uncovered — those with a track record give concrete examples; those selling a badge deflect. And be wary of two things: quotes well below the market range for your nSLOC, and any promise of 'guaranteed approval'. A serious audit promises rigor, not approval.

References

  • Chainalysis — 2025 Crypto Theft Reaches $3.4 Billion (and $2.2B in 2024; DeFi laundering route +370%; Bybit US$ 1.5B) — https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2026/
  • OWASP Smart Contract Top 10 (2025 edition) — order of categories SC01–SC10 — https://scs.owasp.org/sctop10/archive/2025/Top10:2025/
  • OWASP / SolidityScan Web3HackHub — losses by category in 2024 (SC01 US$ 953.2M; logic US$ 63.8M; reentrancy US$ 35.7M; flash loan US$ 33.8M) — https://owasp.org/www-project-smart-contract-top-10/2025/en/src/SC01-access-control.html
  • Sherlock — Smart Contract Audit Pricing: A Market Reference for 2026 (ranges, nSLOC→schedule, retest, urgency) — https://sherlock.xyz/post/smart-contract-audit-pricing-a-market-reference-for-2026
  • LGPD — Law No. 13.709/2018, art. 52 (simple fine up to 2% of revenue in Brazil, excluding taxes, capped at R$ 50 million per violation) — https://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/l13709.htm

How Decripte solves this

From the free assessment to the managed service — pick the right entry point.

Launching or already operating a protocol, exchange or on-chain treasury? Decripte covers the entire Web3 security cycle: smart contract audit of the on-chain code at /plano/web3-security, offensive testing of infrastructure, keys and off-chain custody at /plano/seguranca-ofensiva, and continuous monitoring of threats and credential exposure at the /intelligence-center. Send the commit hash of what goes to production and get a real quote — sized to your nSLOC and your TVL, not a blind number.

Start free with Threat Management and see what is already exposed. Move up to the managed plans when it makes sense — without building an in-house team.