Composable Security

Composable Security is an elite smart contract security auditing firm specializing in (re)staking, AVS, hooks, and off-chain components. Founded in August 2022 by experienced security professionals Damian Rusinek and Paweł Kuryłowicz, the company has established itself as a trusted partner for blockchain projects seeking comprehensive security solutions.

Core Services

Composable Security offers three primary services tailored to blockchain security needs:

Smart Contract Audits: Comprehensive security reviews combining threat modeling, automated testing, and manual code analysis to identify vulnerabilities before deployment. The team follows the Smart Contract Security Verification Standard (SCSVS), which they co-created, ensuring thorough examination across 20+ security categories.

Threat Modeling: Proactive security analysis that maps attack vectors, identifies critical assets, and evaluates threats based on likelihood and impact. This service helps development teams introduce security-by-design principles early in the project lifecycle.

Security Consultations: Expert advisory services providing customized solutions for unique security challenges, from architectural reviews to second-opinion assessments on complex protocol designs.

Specializations

Composable Security has developed deep expertise in several cutting-edge areas:

• Liquid (Re)Staking Protocols: Extensive experience auditing EigenLayer integrations, AVS implementations, and Symbiotic protocols
• Off-Chain Components: Security reviews of oracles, bridges, and custom blockchain implementations
• Uniswap V4 Hooks: Specialized knowledge in the new programmable AMM architecture
• EVM Protocols: StableCoins, RWA, DeFi, GameFi, and governance systems

Notable Clients and Impact

The company has audited protocols securing over $38 billion in TVL, with notable clients including Lido Finance, YieldNest, Othentic Labs, RedStone, Braintrust, Uniswap Foundation, Renzo, Ethena, and Tapioca. Over 60% of their audits have identified and helped remediate Critical or High severity vulnerabilities, demonstrating the value of their rigorous approach.

Team and Values

The founding partners bring extensive experience from both Web2 and Web3 security:

Damian Rusinek (PhD) serves as Managing Partner and Smart Contract Security Auditor, with professional security experience since 2009 and blockchain contributions since 2017. He is a co-author of SCSVS and regular speaker at conferences like ETHcc and FIL Dev Summit.

Paweł Kuryłowicz serves as Managing Partner and Smart Contract Security Auditor, with security expertise since 2017 and active DeFi security research. He is also a co-author of SCSVS and active contributor to the Web3 security community.

The company emphasizes three core values: self-development (continuous learning and knowledge sharing), responsibility (keeping commitments and thorough testing), and cooperation (supporting clients and team members through collaborative problem-solving).

Why Choose Composable Security

What sets Composable Security apart is their rejection of one-size-fits-all approaches. Each engagement is customized to the client's specific needs, threat landscape, and development stage. Their process includes regular communication, detailed reporting with actionable recommendations, and post-audit support to ensure vulnerabilities are properly resolved.

With 95% client retention for subsequent audits and 50% of clients returning for multiple engagements, Composable Security has built a reputation for delivering security services that are both rigorous and practical. Their educational contributions through blog posts, conference presentations, and open-source tools like SCSVS demonstrate a commitment to elevating security standards across the entire Web3 ecosystem.