Services
Boutique security research and engineering hardening for Web3/Solana systems – evidence-led, release-aware, and client-safe.
We focus on: Solana/Web3 integrations, APIs, webhooks, authentication & permissions, secrets handling, abuse resistance, logging hygiene, and release safety.
What you get (in plain terms)
- Clear risk calls per change: block / warn / ok
- Minimal, review-friendly patches (small diffs, easy to ship)
- A release gate: what to validate before you cut the tag
- Clean write-ups your team can reuse
Engagement models
1) Rapid PR / Patch Review (48-72h)
For urgent merges, hotfixes, and release windows.
Deliverables
- Review notes with clear risk calls (block / warn / ok)
- Small patch suggestions (surgical, testable, PR-friendly)
- Release checklist tailored to the change
Starting fee (USD): 750-2,500
2) Launch Readiness Pack (5 business days)
A focused hardening sprint before a release or public launch.
Typical scope
- Webhook verification + replay resistance + idempotency
- Auth boundaries, role checks, and permission surfaces
- Secrets exposure paths + logging hygiene + CI gates
- Rate limiting, timeouts, backoff, and safer defaults
Deliverables
- Threat model memo (module-sized, practical)
- Patch set + test notes (PR-sized, easy to review)
- “Launch gate” checklist (ship / hold / follow-ups)
Starting fee (USD): 3,500-9,000
3) Engineering Hardening Retainer (monthly)
For teams that ship continuously and want a standing safety net.
Includes
- Ongoing PR reviews + hardening tickets
- Release gates for major deploys
- Incident-response support (analysis + mitigation notes)
- Documentation that stays current as you ship
Starting fee (USD): 2,500-12,000 / month
Add-ons (optional)
- Architecture review (1-2 days): auth + data flows + attack surface map
- Webhook + signature pack: verification, replay defense, idempotency recipes
- CI safety gates: policy checks, regression/smoke suite, release checklist
What we don’t do
- Exploit development, theft, or “drain” steps
- Fund recovery services
- Work that violates program policy or client safety constraints
How we start (fast)
1) You share: repo link / PRs / deployment notes + scope
2) We align on a target window and success criteria
3) We deliver: notes + patches + a clear ship/hold call
Contact (fast)
If you want to start quickly, send:
- Repo/PR link(s)
- Deadline (when you want to ship)
- 2-3 lines of context (what changed + what worries you)
Email: Cleitonprestes54@gmail.com
X: @Cleiton16144221
Discord: cleiton8509p