Frequently Asked Questions

VLN (Vulnerability Lab Network) is a smart contract security firm specializing in audits, penetration testing, and incident response for blockchain gaming and DeFi projects. We're a division of Fused Gaming with 12 years of experience in security research.

Smart contract bugs have resulted in billions of dollars in losses. An audit finds vulnerabilities before hackers do, protects your users, builds trust with investors, and is often required for insurance, CEX listings, or institutional partnerships.

Timelines depend on contract complexity: Small contracts (< 500 lines) take 3-5 days, medium (500-2K lines) take 5-7 days, and large contracts (2K+ lines) take 7-14 days. Rush audits are available for an additional fee.

Yes, we routinely sign NDAs and can accommodate custom confidentiality requirements. All client code and findings are kept strictly confidential unless you request public disclosure.

1) Kickoff call to understand your project. 2) Automated scanning for common vulnerabilities. 3) Manual line-by-line code review. 4) Threat modeling and attack scenario testing. 5) Report delivery with CVSS-scored findings. 6) Fix verification (free within 30 days).

We test for all common smart contract vulnerabilities including reentrancy, integer overflow/underflow, access control issues, front-running, flash loan attacks, oracle manipulation, gas optimization issues, and business logic flaws. Our methodology is based on OWASP and SWC registry standards.

Yes! For all high and critical findings, we provide working Foundry-based proof-of-concept code that demonstrates the exploit. This helps your team understand the issue and verify the fix.

Critical bugs are flagged within 48 hours. We provide a detailed report with CVSS risk scores, impact analysis, and remediation guidance. After you fix the issues, we'll re-audit those sections for free within 30 days to verify the fixes.

Absolutely! In fact, we recommend iterative audits throughout development. This 'security-first' approach catches issues early when they're cheaper and easier to fix. We offer retainer packages specifically for this use case.

Audit pricing is based on contract complexity: $2K-4K for small contracts (< 500 lines), $5K-8K for medium (500-2K lines), and $10K+ for large contracts (2K+ lines). See our pricing page for retainer packages and other services.

Yes! We offer volume discounts for multiple audits, discounts for open-source projects, and preferential pricing for retainer clients. We also provide free initial security scans (30 minutes) to all prospects.

We accept wire transfer, stablecoins (USDC/USDT on Ethereum/Polygon), and cryptocurrency (ETH/BTC). Payment terms are typically 50% upfront and 50% upon delivery, though we're flexible for established clients.

Yes, completely free. If we find 10 issues and you fix all 10, we'll re-audit those specific code sections at no charge within 30 days. This ensures your fixes are secure and don't introduce new vulnerabilities.

Contact us immediately at info@vln.gg or via Telegram (@vlngg) for 24/7 emergency response. Time is critical. Our incident response team will help you contain the breach, analyze the attack, and potentially recover funds.

We've successfully assisted in recovering over $5.2M in stolen funds through forensic analysis, transaction tracing, and coordination with law enforcement and exchanges. Success depends on rapid response and attack specifics.

Yes, our team has provided expert testimony in 3 legal cases involving smart contract exploits. We can provide court-ready reports, expert witness testimony, and technical analysis for litigation or insurance claims.

Emergency response starts at $15,000 and varies based on complexity, urgency, and fund recovery success. We offer contingency arrangements where fees are a percentage of recovered funds. Contact us immediately if you're under attack.

VLN University provides hands-on security training workshops for development teams. Full-day workshops cover common vulnerabilities, secure coding patterns, threat modeling, and include capture-the-flag exercises. Half-day sessions are also available.

Our training is designed for Solidity developers, smart contract engineers, security engineers, and technical leads. No prior security expertise required—we tailor content to your team's experience level.

Yes! Our retainer packages provide ongoing security consulting, code review, architecture design feedback, and incident response. Packages start at $5K/month with 20 hours of consulting time. See our pricing page for details.

We've found 47 critical vulnerabilities across audited projects, assisted in recovering $5.2M in stolen funds, and maintained a 100% record—zero post-audit hacks for projects that implemented all our recommendations.

No audit can guarantee 100% security. We provide a comprehensive assessment based on industry best practices, but smart contracts are complex and new attack vectors emerge. Our 100% post-audit success rate speaks to our thoroughness.

While we maintain rigorous quality standards, if a vulnerability is exploited that we should have caught, we'll conduct a full review at no charge and work with you on remediation. Our reputation is built on thoroughness and integrity.