Frequently Asked Questions

Certification confirms that a project's contract has undergone both automated and manual verification to industry standards. A SentaTrust certification means the analyzed smart contract was free from known critical and major vulnerabilities at the time of audit. Certification does not guarantee future safety and assumes no modification post-audit.

Grades are based on the severity and resolution status of all findings. The grading system considers the number and severity of vulnerabilities found, their resolution status, and the overall security posture of the contract. Higher grades indicate fewer and less severe issues, with all critical and major vulnerabilities resolved.

Certifications remain valid for the version of the contract audited; any redeployment or upgrade requires re-certification. If the contract code is modified after certification, the original certification no longer applies to the new version.

Enter the certificate ID, contract address, or project name in the verification portal. Each certificate has a unique ID (e.g., SENTA-2025-0001) and includes a SHA256 verification hash for cryptographic validation.

The audit is paused, the client is contacted privately, and the report is only published once the issue is confirmed resolved. We work directly with the development team to provide remediation guidance and ensure vulnerabilities are properly addressed before certification.

Timelines vary by package: Automated Verification takes 24 hours, Certified Audit takes 7 business days, and Professional Audit takes 10 business days. Custom enterprise audits may have different timelines based on scope.

We use industry-standard tools including Slither for static analysis, Mythril for symbolic execution, and Echidna for fuzzing. Our Senta Lab environment combines automated analysis with manual expert review to ensure comprehensive coverage.

Yes, we support audits for contracts deployed on testnets. Testnet audits are valuable for identifying issues before mainnet deployment. However, final certification is typically issued for mainnet deployments.

Yes. Once you've implemented fixes, Senta Labs performs a focused re-verification of the affected contracts. The updated report and certificate are issued under the same certificate ID with a version increment (e.g., v1.1). This ensures your certification always reflects your latest security posture.

Automated Verification ($790) provides AI-based testing and instant reports. Certified Audit ($2,900) includes manual review, comprehensive analysis, and full certification. Professional Audit ($7,500) offers advanced threat modeling, remediation guidance, and re-verification.

Yes, upgrades are possible. If you start with Automated Verification, you can apply the cost toward a Certified or Professional Audit. Contact our team to discuss upgrade options.

Refund policies vary by package and circumstances. Please review our Refund & Cancellation Policy for detailed information. Generally, refunds may be available if the audit has not yet begun.

Payments can be made directly through our secure checkout using crypto (BNB, USDT) or credit card. Invoices are automatically issued after successful payment and can be downloaded via the client dashboard. For enterprise audits, invoicing can be handled manually.

We support major blockchain networks including Ethereum, BNB Smart Chain, Polygon, Arbitrum, Optimism, Avalanche, and Solana. Additional networks can be supported on request for custom audits.

Yes, we specifically audit upgradeable contracts and proxy patterns. Our process includes EIP-1967 compliance checks, validation of upgrade mechanisms, and initializer security analysis to prevent unauthorized upgrades.

We accept Solidity source files (.sol), contract bytecode, and can work with GitHub repositories. For best results, provide complete source code with all dependencies and deployment configurations.

Yes. All submitted code and documentation are treated as strictly confidential. Senta Labs operates under NDA-level privacy standards. No source code or sensitive project data is ever shared publicly or stored beyond the verification process.