Audit packages · Smart contract risk quantification

Audits engineered like nuclear instruments. Priced for protocols, custodians, and exchanges.

Kritiq emits a five-dimensional risk vector [T, A, V, O, D] derived entirely from on-chain bytecode and open-source static analysis — no opaque heuristics, no gameable social signals. Choose the package that matches your stage, from a single-contract review to a regulator-ready, on-chain anchored attestation.

  • 25 threat categories
  • 18 CTD patterns
  • 9 UAL detectors
  • 8 ISO standards mapped
  • 4 probe energies

01 · Choose your package

Three tiers. One framework. Every score reproducible from raw inputs.

Each tier uses the same Kritiq mathematics — the difference is depth of probing, breadth of modules, and whether the output is anchored on-chain for institutional and regulatory use. Sign in to the Auditor Dashboard, pick a contract address, choose your package, and the engine will run only the scope you paid for.

PKG · 01 · BASIC

Kritiq Essential

Single-contract review for MVPs & pre-launch tokens.

$500–800 / scan

Static-probe audit with the core Kritiq vector and the most common compliance-theater traps. Right for founders who need a credible report before launch or grant submission.

Scope
  • 1 smart contract ≤ 800 SLOC
  • Thermal probe only (static: Slither + Aderyn + semgrep-solidity)
  • OWASP SC Top 10 coverage check
Kritiq output
  • Partial vector [T, A, D]
  • 5 highest-priority CTD patterns
  • Shannon entropy on token holders
  • Kritiq Score with band assignment
Deliverables
  • Vulnerability report PDF
  • Findings summary + remediation hints
Delivery: 5–7 days

PKG · 03 · PREMIUM

Kritiq Attested

Regulator-ready, on-chain anchored attestation aligned to ISO and SOC frameworks.

$4,000–7,500 / system

Full four-probe scan including formal verification, complete Nuclear Risk Scanning Module, on-chain Merkle-anchored attestation, and ISO/SOC evidence packs. The package institutional counterparties — custodians, exchanges, insurers — expect to see.

Scope
  • Full contract system (Diamond-proxy aware)
  • All four probes (thermal · epithermal · fast · cold), incl. formal verification (Certora / hevm)
  • N-Version voting across detectors
  • Cross-chain & bridge analysis
Kritiq output
  • Complete NRSM (σ · keff · μ · D · Φ · cps)
  • Correlated-shielding model downgrades 1-of-1 multisigs honestly
  • Geiger-counter continuous monitor (90 days incl.)
  • Eligible for Band A / A+ subject to evidence
Compliance & attestation
  • ISO/IEC 27001 · 27005 · 27034 mapping
  • ISO/IEC 15408 EAL-2 through EAL-5 evidence
  • ISO 37301 compliance-mgmt mapping
  • SOC 1 & SOC 2 control mapping
  • On-chain hash anchor (KritiqAnchor), independently verifiable
Deliverables
  • Regulator-ready compliance dossier
  • Audit-ready architecture documentation
  • JSON report (schema kritiq-1.0)
Delivery: 10–14 days

02 · At a glance

What's included where.

| Capability | Essential | Professional | Attested |
|---|---|---|---|
| Contracts in scope | 1 | up to 5 | full system |
| Probe classes | thermal | thermal · epithermal · fast | all four (+ cold/formal) |
| Kritiq Vector | T, A, D | T, A, V, O, D | T, A, V, O, D + 🟩 |
| CTD patterns | 5 of 18 | all 18 | all 18 + custom |
| UAL detectors | | all 9 | all 9 + monitoring |
| keff propagation index | | initial | full four-factor |
| Shielding model μeff | | basic | correlated |
| Geiger continuous monitor | | 30 days | 90 days incl. |
| ISO/IEC alignment | | summary | 8 standards |
| SOC 1 / SOC 2 control mapping | | | included |
| On-chain anchor (Merkle hash) | | | included |
| Maximum achievable band | B | A | A+ |

03 · Optional add-ons

Preparation & technical support services.

Add-ons are scoped separately and quoted on request. These are preparation and technical-support services — not standalone certificates.

ADD-01
ISO 27001 Readiness Pack

Annex A control mapping, evidence dossier, and remediation checklist aligned to the O-dimension transparency baseline.

Quoted on scope · from $1,200
ADD-02
SOC 2 Type I/II Mapping

Trust-services-criteria mapping (security, availability, confidentiality) tied to your Kritiq audit evidence.

Quoted on scope · from $1,800
ADD-03
Continuous Geiger Monitoring

Real-time on-chain anomaly monitor with WebSocket alerts, Bayesian score updates, and Geiger count-rate dashboard.

$400 / month · billed annually
ADD-04
Additional Contract

Extend scope beyond package limit. Includes static, symbolic, and fuzzing coverage at the parent tier's depth.

$300 — $750 · per contract
ADD-05
Quarterly Re-Audit (Decay Refresh)

Restores the D dimension before evidence half-life expires. Includes diff-scan against last anchor.

$800 — $1,500 · per cycle
ADD-06
Formal Verification (per function)

Certora / hevm / Halmos proof on a specific function or invariant. Required for V ≥ 4.

$500 — $2,000 · per function
ADD-07
Cross-Chain Bridge Audit

Specialty review for bridges and cross-chain messaging — the highest-keff category in the 25-threat taxonomy.

From $3,500 · per bridge
ADD-08
Custom CTD Pattern

Develop and calibrate a new compliance-theater detector specific to your contract family or regulatory regime.

$600 — $1,200 · per pattern
ADD-09
UAL Monitoring for Token Holders

Wallet-level airdrop poisoning, drainer-bait, and unauthorized-listing detection. Webhook + dashboard.

$250 / month · per wallet group
  • 100% reproducible score derivation
  • 0 social or qualitative inputs
  • 8 ISO / IEC standards mapped & aligned
  • On-chain score-hash anchor, verifiable without API

04 · Frequently asked

Things buyers usually want clarified.

We answer scoping and methodology questions in writing before any engagement. If a question below doesn't cover yours, write to us — we will respond in detail.

Is this a certification or an audit?

Kritiq is a measurement framework, not a regulatory certification. The Attested tier produces evidence packs aligned to ISO/IEC 27001, 27005, 27034, 15408, 37301, 17025, 25010, and 21434, plus SOC 1/SOC 2 control mappings, which institutional counterparties can use as input to their own compliance processes.

How is this different from CertiK or GoPlus?

Kritiq emits a five-dimensional vector with a fully published derivation rather than an opaque single number. Every input is either on-chain data or the output of an open-source static-analysis tool: no social signals, no qualitative judgment. We also publish keff, the exploit-propagation index borrowed from reactor physics, which no other scanner computes.

What does the on-chain anchor actually do?

The Attested tier writes a Merkle hash of the full report, the score, the band, and the keff value to an immutable on-chain registry (KritiqAnchor). Wallets, DEXs, exchanges, and insurers can verify the score without trusting an off-chain API.

Why does my score decay over time?

Evidence is not timeless. Manual audits have a half-life of ~180 days, formal proofs ~365 days, fuzzing runs ~90 days. The D multiplier reflects this honestly. A token audited in 2023 should not carry the same weight in 2026 — and Kritiq is the first framework to model that mathematically.

Can my score be revised after delivery?

Yes. Every dimension is a Bayesian posterior. Re-scans, remediation, and continuous-monitoring evidence all update the score in real time at the Professional and Attested tiers. The Essential tier produces a single static snapshot.

Which chains do you support?

EVM is fully supported (Ethereum, Polygon, BSC, Arbitrum, Base, Optimism, zkSync, Linea). Solana, Move (Aptos, Sui), and CosmWasm are supported at Standard and Attested tiers with normalized intermediate-representation pipelines. Confirm scope before ordering.