Smart Contract Audit Price vs Solidity Audit Price vs Smart Contract Audit Pricing: Full Cost Range Guide

Security buyers keep wondering: What’s a realistic price for a “smart contract audit” versus a “Solidity audit” in 2026, and how do these pricing models really work? This guide brings together public, verifiable data from leading security vendors and DAOs, so you can plan your budget accurately, negotiate with confidence, and time your audits for the best risk reduction for your bucks.

Smart Contract Audit Pricing Guide for 2026

Looking to get a grip on smart contract audit pricing in 2026? You’ve come to the right spot! This guide gives you a clear-eyed view of what's out there, from Solidity audits to multi-stack options. We’ll dive into different pricing models--like fixed fees, weekly rates, contests, and retainers--along with real pricing examples, timelines, and sample budgets you can totally use for your own projects.

Comparing Audit Types

Solidity vs. Multi-Stack Audits

When it comes to choosing the right type of audit, it largely depends on your project's needs. Here’s a breakdown of the two major types:

• Solidity Audits: Tailored specifically for Ethereum-based contracts. If your project is rooted in the Ethereum ecosystem, this is the way to go.
• Multi-Stack Audits: These audits cover more than just one technology stack, making them a smart choice for projects that might use various platforms.

Pricing Models

You’ve got a few options when it comes to how you pay for your audits. Here’s a rundown of the most common models:

• Fixed-Fee: You pay a set price, which is great for straightforward budgeting.
• Per-Week: This model works if your project’s complexity can’t be neatly packaged into a fixed fee. You're essentially paying for the auditor's time each week.
• Contest: Some platforms let you post your audit job as a contest, where auditors bid to take it on. Can be a good way to find competitive rates!
• Retainer: If you anticipate needing ongoing audits or support, a retainer could save you some bucks in the long run.

Real Pricing Examples

Here are some actual price points you might encounter when searching for smart contract audits:

• Solidity Audit: Ranges from $5,000 to $20,000 depending on complexity.
• Multi-Stack Audit: Can go from $10,000 to $30,000 or more, depending on the stacks involved.
• Contest Model: You might find bids ranging from $3,000 to $15,000.
• Retainer Agreements: These often start at around $2,000 per month, but can quickly increase based on the level of support you need.

Timelines

The time it takes to complete an audit can vary quite a bit, so here’s a rough estimate:

• Solidity Audits: Usually take about 2-4 weeks.
• Multi-Stack Audits: Typically require 4-8 weeks, especially if different technologies are in play.

Sample Budgets

Here’s a quick budget plan to help you pencil in costs for your audit:

Feel free to take these numbers and tweak them based on your specific situation. And remember, the best approach is to reach out to a few auditors for quotes so you get a feel for the market. Good luck!

---

TL;DR: Today’s real price anchors

• Public, top-tier weekly rates: You’re looking at around $20,000 for each auditor per week, with a quality baseline of about 3 weeks for every 1,000 lines of code (LOC) from Runtime Verification. So, that works out to roughly $60k for a thorough review of 1,000 LOC. (runtimeverification.com)
• DAO-disclosed retainers: For example, OpenZeppelin’s Venus retainer is set at $554,400 for 24 auditor-weeks over six months, which breaks down to about $23.1k a week. (community.venus.io)
• Formal verification at scale: Certora's Aave v4 security program runs for 12 months and comes with a price tag of $2.39 million for a dedicated team of 4.5 full-time equivalents (FTE), which is approximately $780k for each FTE per year. (governance.aave.com)
• Researcher networks: Spearbit’s proposal for Arbitrum suggests that a blended team could cost around $48k per week (covering leads, seniors, associates, and juniors). (forum.arbitrum.foundation)
• Competitive audits (contests): If you look at Code4rena, their prize pools range anywhere from about $20k to over $200k. For instance, the Size audit has a pool of $200k over 22 days, while GTE Perps offers $103,250 over 28 days. (code4rena.com)
• Audit-linked exploit cover: Sherlock charges premiums between 2.0% (for public contests) and 2.5% (for private ones) of the covered amount, which can go up to $10 million. (opencover.com)
• Why this matters: According to Chainalysis and CertiK, the estimated losses from crypto hacks in 2024 hit somewhere between $2.2 billion and $2.36 billion. Security budgets are definitely something boards need to take seriously. (chainalysis.com)

---

“Smart contract audit” vs “Solidity audit”: what you’re buying

• Solidity audit price: This usually focuses on EVM-only (Solidity) code. Since it’s a bigger, competitive market, you’ll find more stable rates and it’s generally easier to book audits for things like ERC‑20, ERC‑721, ERC‑4626, and common DeFi primitives.
• Smart contract audit price: This one has a wider lens and includes Solidity, Cairo (Starknet), Rust (Solana), Move (Aptos/Sui), Cosmos SDK, Substrate, and even cross‑chain components. You might see some extra charges for tech stacks with fewer auditors available (think Rust/Solana or those fancy ZK circuits), or if you’ve got systems that rely on external pieces like bridges, oracles, or custom cryptography. (7blocklabs.com)

Key implication: Similar lines of code (LOC) can have different pricing across various stacks. The EVM boasts the largest pool of auditors, while Rust, Move, and ZK tend to attract more experienced talent, which usually leads to a higher weekly rate.

---

The four dominant pricing models (and when to use each)

1) Fixed‑fee per scope

• Best when: You’ve got your code in a stable state, the project scope is clearly defined, and you’re looking for a straightforward invoice.
• Typical range for costs (based on public vendor data and market guides): Expect around $8k-$30k for basic tokens; $40k-$100k for projects with a medium level of complexity in DeFi; and if you're diving into multi-contract protocols or bridges, you might be looking at $100k-$200k or even more. Just a heads up, fix reviews and re-audits usually come with separate pricing. (blockchainappfactory.com)
• Watch-outs: Be cautious with those “starting from $5k” deals--most of the time they don’t cover re-audits or deeper manual reviews. It’s a good idea to set aside an extra 10-30% of your budget for any remediation steps. (blockchainappfactory.com)

2) Per auditor‑week (time & materials)

• Best when: You’re looking for experienced seniors who can work closely with you, and you need some flexibility as your code develops.
• Real datapoints:
  • Runtime Verification: They charge about $20k a week, and you can expect a quality baseline of roughly 3 weeks for every 1,000 lines of code. (runtimeverification.com)
  • Top-tier retainers: OpenZeppelin's Venus retainer fees are around $23.1k for each auditor per week. (community.venus.io)
  • Researcher networks: With Spearbit, you’re looking at a blended rate of about $48k a week for a team of 4-5 people. (forum.arbitrum.foundation)

3) Contest‑based (pay for verified findings)

• Best when: You’re looking for a wide range of ideas and some out-of-the-box thinking, often after you've done a structured audit.
• Public budgets: Typically range from $20k to over $200k. For instance, you’ve got Size at $200k for 22 days and GTE Perps at $103,250 for 28 days. Check it out here: (code4rena.com)
• Mechanics detail: Code4rena’s contests share detailed distributions, usually featuring “conditional” pools that focus on High/Medium findings. Zellic mentions that 96% of the conditional pool gets refunded if there are no actionable High/Medium issues. For more, head over to: (github.com)

4) Retainers and continuous assurance

• Best when: You’re shipping often, managing a hefty TVL, or juggling multiple codebases across different chains.
• Public benchmarks:
  • OpenZeppelin × Venus: $554,400 over a span of 24 weeks in six months. (community.venus.io)
  • Certora × Aave v4: $2.39M/year for a dedicated team of 4.5 FTEs focused on formal verification and governance reviews. (governance.aave.com)

---

What actually moves your quote (and how to control it)

• Code freeze discipline: Vendors usually want to see a frozen commit; making changes during the audit can lead to re-scoping and delays. (diligence.consensys.io)
• LOC vs nSLOC: When it comes to contests or coverage, nSLOC is a handy guide for budgeting your time (for instance, Sherlock takes around 12 days for about 2,000 nSLOC). This means that having clean, deduplicated code really pays off. (docs.sherlock.xyz)
• Language/ecosystem: If you're working with EVM, you're in luck--it’s pretty cost-effective. On the flip side, languages like Rust, Move, or ZK might hit you with higher premiums since they're less common. (7blocklabs.com)
• Timeline pressure: Just a heads-up, expect to see 20-40% expedite fees if you’re going with boutique firms. (coredevsltd.com)
• Re-audit cycles: Make sure you budget for an extra 10-30% for reviewing fixes and iterations unless they’re already included in the initial quote. (costbrief.org)
• Coverage and bounties: Don’t forget about audit-linked coverage, like Sherlock’s 2.0-2.5% of the covered amount, plus public bounties, which usually max out at 5-10% of the funds at risk. These can really influence the overall cost of assurance. (opencover.com)

---

Concrete price ranges you can take to a CFO

• Basic ERC‑20/721 or Vault Module (Frozen): Expect to pay between $8k and $30k for a fixed fee engagement. If you’re looking for a more flexible option, it’ll take around 3 weeks at a weekly rate of about $60k, which gives you stronger reports and access to more experienced teams. (blockchainappfactory.com)
• Mid‑Size DeFi Primitive (around 2,500 LOC, with oracles and upgradeable features): You’re looking at 7 to 9 auditor weeks, which translates to about $140k to $180k at a rate of $20k per week. Don’t forget to set aside an extra $20k to $40k for re-audits and hardening! (runtimeverification.com)
• Contest Add‑On for Breadth: This can range from $30k to $150k depending on how mature the project is and its Total Value Locked (TVL). Keep in mind that flagship contests might even exceed $200k! (code4rena.com)
• Continuous Program (DAO/L2): If you're looking at a retainer plus formal verification, you should expect costs to sit in the mid-six to low-seven figures annually for well-known teams, along with governance reviews. (governance.aave.com)

---

Solidity vs Rust/Move audits: where pricing diverges

• EVM/Solidity: There’s a solid pool of auditors out there, plus some well-established libraries like OpenZeppelin, which really helps keep price variations to a minimum. The week-rate and contest models are also pretty liquid, making things easier for everyone involved.
• Solana/Rust or Move: Here, the specialist crowd is a bit thinner. Teams usually set their prices based on named senior weeks or different blends of researchers. You’ll notice that Rust audits often lean towards weekly rates and tend to be more private or by invitation. While contest options are starting to pop up, they’re still not as common as what you’ll find with EVM. For public vendor pricing, expect Solana to kick off in the mid-four to low-five figures for straightforward programs, and it can jump up pretty quickly if you're dealing with more complex multi-programs. (blockapex.io)

Tip: If you find yourself gearing up to launch with a tighter stack, it’s a good idea to book early and lock in a phased plan (design review → audit round 1 → mitigation audit → invitational contest). Following this sequence can help minimize calendar risks and keep your costs more manageable.

---

Timelines and scheduling realities

• Structured audit time: You can expect a focused review to take anywhere from 1 to 4 weeks, and don’t forget that you’ll need additional time for any fixes and re-audits. Keep in mind, schedules for reputable firms are usually booked weeks in advance. (medium.com)
• “Quality floors”: Some vendors set these duration floors to ensure they maintain a high level of coverage quality and depth in their reports. For instance, you might see something like ≈3 weeks for every 1,000 lines of code (LOC). (runtimeverification.com)
• Contests: You’ll often find that contest windows last between 7 to 28 days, and the budgets tend to scale up based on the depth and scope of the project. As a couple of examples, check out the 22-day, $200k Size contest and the 28-day, $103,250 GTE Perps contest to get a feel for planning benchmarks. (code4rena.com)

---

Design your program: four practical, copy‑paste scenarios

Scenario A -- Pre‑launch token + staking (Solidity, ~600 LOC; central treasury; KYC listings planned)

• Objectives: You’ll get a solid report with a quick turnaround, just one re-audit, and a nice little public acknowledgment.
• Pricing plan:
  • Fixed-fee boutique: Expect a base of $12k-$20k, plus an additional $3k-$7k for the re-audit.
  • Or you can go for the weekly rate: a minimum of 3 weeks at $20k/week, which totals up to $60k for more in-depth coverage and tighter deadlines on the report. (blockchainappfactory.com)
  • Optional: How about a micro contest? That'll set you back $20k-$35k to really put those fixes to the test after the review. (code4rena.com)
• Add-ons: You can also add a public bug bounty, with a maximum critical cap of $50k-$100k, or 5-10% of your at-risk funds (depending on how big your treasury is). (immunefisupport.zendesk.com)
• Timeline: Plan for about 2-3 weeks for the audit, then 1 week to fix any issues, and another week for the re-audit. If you want to include an invitational contest, add another 1-2 weeks to that timeline.

Scenario B -- Lending primitive (Solidity, ~2,500 LOC; oracles + upgradeable; aim TVL $25-50M)

• Objectives: We want to cover both depth and breadth here; our partner listings should demand tier-1 signals.
• Pricing Plan:
  • Per-week audit: Expect around 7 to 9 weeks total with 2 auditors. This will set you back about $140k to $180k at baseline. Don’t forget to budget an extra $20k to $40k for any re-audits that might pop up. (runtimeverification.com)
  • Contest: We’re looking at a range of $75k to $150k here. This could be a public contest, or we can do a private invitational to really put those fixes to the test. (code4rena.com)
  • Coverage: For the first 90 to 180 days, you’ll have coverage in the ballpark of $5M to $10M, with an annualized premium around 2.0% to 2.5% for audit-linked cover. (opencover.com)
• Timeline: We’re looking at about 4 to 6 weeks for the audit, followed by 1 to 2 weeks for fixes, and then another 1 to 3 weeks for the re-audit. We can either run the contest alongside the audit or right after the fixes are implemented.

Scenario C -- Solana DEX module (Rust, ~1,800 nSLOC; multiple programs; custom math)

• Objectives: Let's get some experienced seniors on board who know their way around Solana and stick to a solid schedule.
• Pricing plan:
  • Named per-week team: We're looking at planning for 4-6 auditor-weeks, which translates to about 2-3 calendar weeks to reach our depth targets. Just a heads up, Rust specialists tend to run at a premium compared to those working with Solidity.
  • After that, we can throw in a short invitational contest if the opportunity pops up; budget wise, we’re looking at around $25k-$75k depending on how extensive and developed the project is.
  • For reference, public ranges from Solana boutiques usually sit around ~$5k-$20k for simpler programs, but if you're dealing with multi-program DEX modules, the prices definitely climb due to their complexity. (blockapex.io)
• Timeline: We’re aiming for a 2-3 week audit, followed by a fix review that should take about 3-7 days, and if we decide to go for it, an optional contest can stretch over 7-14 days.

Scenario D -- Cross‑chain bridge or L2 component (Solidity + off‑chain agents + governance; optional ZK)

• Objectives: We want to make sure we’re ready for institutional listings, keep our governance practices sharp, and have solid guarantees for key invariants.
• Pricing plan (12 months):
  • We’re looking at a retainer with specific researchers for ongoing reviews (for reference, OpenZeppelin charges around $23k per auditor per week in their public DAO deal). Plus, we’ll have a dedicated formal-verification partner that’s similar in size to Certora’s Aave v4 package, which comes in at about $2.39M a year for 4.5 full-time equivalents. (community.venus.io)
  • We’re budgeting for 1-2 big contests ($150k-$500k each) tied to milestone releases. This should help us attract a variety of challengers. (code4rena.com)
  • We’ll also launch a public bug bounty that’s set at 5-10% of the maximum critical risk versus funds-at-risk, and we’ll need to keep at least 2-3 times the maximum critical payout stashed away in reserves. (immunefisupport.zendesk.com)
• Timeline: We’ll be working in quarterly sprints, complete with design reviews, audit rounds, and cycles for mitigation; governance and incident-response will be on retainer.

---

Hidden line items founders miss (but your CFO won’t)

• Re-audits and mitigation reviews: If you're not bundling these, expect to add about 10-30% on top of the base cost. (costbrief.org)
• Expedite/rush fees: Need things done fast? Be ready for a 20-40% increase if you want to start in under two weeks. (coredevsltd.com)
• Internal engineering time: Don't forget that your own team's time for triaging, fixing issues, running property tests, and writing invariants can really stack up--make sure to plan for that!
• Contest judging/triage: Even when there’s no platform fee, judging and validator costs can add up. Zellic has a handy breakdown of their conditional pool and judge fee separation. (zellic.io)
• Governance, listings, and re-reporting: Be aware that exchanges and integrators might want follow-up reports after big updates; it's a good idea to keep some credits or a few weeks included in your retainer. (community.venus.io)

---

Best‑in‑class procurement tactics in 2026

• First off, get the names of the team members and how often they’re meeting each week. When looking at costs, break it down by seniority instead of just looking at the total fee. Keep an eye on benchmarks like $20k/week for each auditor and around $48k/week for blended researcher groups. (runtimeverification.com)
• Make sure to enforce a code freeze and lock the scope two weeks before you kick things off. Also, nail down the re-audit timelines and pricing ahead of time. (openzeppelin.com)
• Start with depth, then switch to breadth: Have a structured week-by-week audit → fix any issues → run an invitational/public contest with a conditional prize pool → and do a re-audit based on the changes. You could set contest budgets around $100k to $200k for major releases. (code4rena.com)
• Link bounties to total value locked (TVL): Aim for 5-10% of the funds at risk as a maximum critical bounty, and keep reserves that are 2-3 times that amount. (immunefisupport.zendesk.com)
• Think about audit-linked coverage: Sherlock has protocol cover pricing bands (around 2.0-2.5%) for amounts up to $10M--this can help manage operational risk while you ramp up. (opencover.com)
• When it comes to formal guarantees, focus on buying results rather than hours worked: Define the properties, invariants, and acceptance criteria with your formal verification partner; you can also check quotes against public full-time equivalent (FTE) rate disclosures (like those from Certora) to make sure everything looks good. (governance.aave.com)

---

How to compare proposals apples‑to‑apples

Shadow Price Sheet for Vendors

This document serves as a quick reference for the shadow prices associated with each vendor we work with. It's all about understanding the value we assign to their services and products based on our internal assessments.

Vendor 1: [Vendor Name]

• Service/Product: [Description of service/product]
• Shadow Price: $[X.XX]
• Rationale: This price reflects [brief explanation of why this price was chosen, e.g., market value, quality assessment, etc.].

Vendor 2: [Vendor Name]

• Service/Product: [Description of service/product]
• Shadow Price: $[X.XX]
• Rationale: We’ve determined this price because [brief explanation of the reasoning behind the pricing].

Vendor 3: [Vendor Name]

• Service/Product: [Description of service/product]
• Shadow Price: $[X.XX]
• Rationale: The shadow price here is based on [brief explanation of factors influencing the pricing].

Vendor 4: [Vendor Name]

• Service/Product: [Description of service/product]
• Shadow Price: $[X.XX]
• Rationale: This price was established considering [brief explanation of how the price was derived].

Notes:

• Ensure that the data is updated regularly to reflect any changes in service or market conditions.
• This pricing is for internal use only and should not be shared outside of our team.

For any inquiries or updates, please reach out to [Contact Person/Department].

---

Keep this handy for quick reference!

• Check out the $/auditor-week rates based on seniority and the minimum number of weeks you need. (runtimeverification.com)
• We’ve got you covered on included rounds: initial review, fix review, number of re-audits, and the SLA for turnaround times.
• Deliverables include a solid report depth, proofs of concepts (PoCs), property tests, a threat model, and an executive summary.
• When it comes to the contest plan, we've got details on the target pool, conditionality, judging criteria, and mitigation review. (zellic.io)
• After launch, don’t forget about coverage premiums, detection & response strategies, and emergency hotlines for when you really need them. (opencover.com)

---

RFP essentials security vendors actually appreciate

• Make sure you have your commit hash frozen and your changelog ready; don't forget those architecture diagrams! Jot down any invariants that matter to you and list out external dependencies like bridges or oracles. Also, keep in mind your upgradeability and pause logic, along with any admin keys or multisig policies you have in place. Lastly, sketch out your deployment plan and outline your intended TVL for each phase. (diligence.consensys.io)
• It's also a good idea to set up your test harness and fuzzing configuration. Pay attention to gas limits and bytecode size restrictions, and make a note of any known issues or TODOs.
• Plan to have your remediation bandwidth dates set within a 1-2 week window right after the audit for the quickest turnaround on re-review. (medium.com)

---

Costed, end‑to‑end examples (with realistic numbers)

1) Token + Staking on EVM (Launching in 6 Weeks)

• Week 0: Time to freeze the code and get that RFP shipped out with a ready-to-go test suite.
• Weeks 1-2: We’re looking at a 2-week audit, costing $20k per week for 2 auditors, which adds up to about $80k. Check out runtimeverification.com for more details.
• Week 3: Fixing things up internally, nothing fancy here.
• Week 4: We’ll do a re-audit, which could be included or might run us an extra $8k-$15k, depending on the agreed terms. You can read more at costbrief.org.
• Weeks 5-6: Time for an invitational contest! We’ve got a conditional prize pool of $25k-$35k over the course of 7 days. More info on code4rena.com.
• Post-launch: We’ll kick off a bug bounty program with a maximum critical payout of $50k or 5-10% of the funds at risk, whichever amount is lower. If you're curious, check out immunefisupport.zendesk.com.
• Total Cash: We’re looking at around $105k-$130k, plus whatever time our internal engineers put in.

2) Lending Primitive (2,500 LOC, Target $50M TVL)

• Weeks 0-1: We'll kick things off with threat modeling and figuring out the invariants we need to keep an eye on.
• Weeks 2-6: This is when we hit the audit phase. We're looking at about 5 weeks of work from our senior auditors. It’ll cost around $200k-$240k if we go for a blended team, or around $140k-$180k if we hire auditors at $20k a week each. You can check out more details here.
• Weeks 7-8: Time to fix things up and bring in another audit. Expect to spend about $20k-$40k for that. More info on costs can be found here.
• Weeks 9-11: We’ll run a public contest that could cost between $100k and $150k over 14 to 21 days. Details are available here.
• Coverage: We’ll get $10M in coverage for 6 months at an annualized rate of around 2.0-2.5%, which means we’re looking at a pro-rated cost of about $100k-$125k. More on this can be found here.
• Total Year-One Security Spend: Looking at a ballpark of around $360k-$495k.

3) Solana AMM Module (1,800 nSLOC)

• Weeks 0-1: We'll kick things off with a design review and then freeze the current design.
• Weeks 2-4: Expect about 3-4 auditor-weeks with Rust specialists. Keep in mind, this might cost a bit more compared to Solidity. Many boutique firms usually quote around $5k-$20k for straightforward programs, but since AMM math and multi-program scaffolding can be complex, we're looking at higher totals. If you're curious, check out blockapex.io for more info.
• Week 5: Time for a mitigation review to address any issues.
• Optional: If the platform is open to it, we could host a 7-14 day invitational contest with a prize pool ranging from $25k-$75k.
• Total: All in all, expect to spend around ~$80k-$150k, depending on the mix of expertise we bring on board and the enthusiasm for the contest.

4) Cross‑chain bridge/L2 component (12‑month program)

• Retainer: We’re looking at around 24-36 auditor weeks with a named tier-1. Budgeting this based on about $23k per auditor week. Check out more details here.
• FV partner: We’ll need to dedicate 3-5 full-time equivalents (FTE) for invariant and governance checks. To get it right, we’ll use a public benchmark of about $2.39M per year for 4.5 FTE. More info can be found here.
• Two flagship contests: We’re planning on running contests with prize pools between $150k and $500k each for major releases. You can find out more here.
• Bug bounty: We’re thinking of a max-critical bug bounty set at 5-10% of funds at risk, while keeping reserves at about 2-3 times that amount. Check the specifics here.
• Year-one envelope: Expecting a low-seven-figure budget, which is totally justified by the significant risk reduction we’re aiming for and third-party listing requirements.

---

Why the market pays these numbers

Even with improved practices in place, losses are still significant. According to Chainalysis and CertiK, crypto theft in 2024 is expected to hit between $2.2 billion and $2.36 billion. Most of these major incidents are happening around critical infrastructure and issues with centralized key security. When you think about it, the expense of reliable security measures is just a small blip compared to the hit to your reputation and total value locked (TVL) when an exploit happens. (chainalysis.com)

---

Quick budgeting checklist (copy/paste)

• Pick your model: a fixed fee works for straightforward modules; go for weekly rates with complex or ever-changing code; consider a contest for wider coverage; and for enterprise needs, think about a retainer plus a fixed variable fee. (runtimeverification.com)
• Make sure to lock in your scope and freeze the code with a dated commit. (diligence.consensys.io)
• Set aside 10-30% for re-audits or any mitigations; if you're in a pinch, budget around 20-40% for expedited services. (costbrief.org)
• Adjust contest pools based on the risk involved (think $30k-$200k+) and make payments depend mostly on actionable high/medium findings. (code4rena.com)
• Consider setting up a bounty (keep it to 5-10% for maximum critical issues) and/or an audit-linked coverage plan (around a 2.0-2.5% premium for coverage up to $10M). (immunefisupport.zendesk.com)

---

Bottom line: price is a function of depth, diversity, and discipline

• When we talk about depth, we're referring to experienced auditors who have the time to really dig into invariants and integrations. Those weekly rates and quality standards are in place for a good reason. (runtimeverification.com)
• Diversity is all about bringing in new ideas through contests and bounties that rally a bunch of different viewpoints--everyone has a chance to weigh in, and it’s all wrapped up in a set timeframe and budget. (code4rena.com)
• Discipline shines through with code freezes, solid documentation, and how quickly fixes are rolled out--these practices help keep costs in check and timelines tight. (diligence.consensys.io)

By sticking to the public anchors mentioned above in your budget, you'll be prepared for quotes--and you'll end up with the right blend of assurance for your stage, stack, and comfort level with risk.