Loading…
Blockchain & Web3 · MESH
Blockchain & Web3.
Smart contracts, DeFi platforms, dApps, NFT standards, MPC custody, and enterprise chain integration — built with audit-grade rigor, formal verification where the value-at-risk warrants it, and the operational discipline regulated markets require.
- Sub-services
- 6
- Department
- MESH
The problem
Most blockchain projects ship unaudited code on a public chain and find out about the bugs the hard way.
The on-chain failure mode is uniquely unforgiving: a single missed reentrancy check, an off-by-one in a token math library, a centralized admin key on a 'decentralized' protocol — and the loss is permanent, public, and immediate. The pattern across post-mortems is consistent: rushed audits at the end of development, inadequate testing under adversarial conditions, governance designs that look decentralized but route through one multisig, and operational runbooks that don't account for hostile MEV environments.
MESH — our blockchain practice — staffs every engagement with senior Solidity / Vyper / Move engineers plus a security architect from CITADEL who has reviewed audit reports for institutions you've heard of. We design test suites adversarially from day one, run differential fuzzing against reference implementations, engage external auditors before the contract goes live, and ship the operating runbook for incident response on day one of mainnet. We will also tell you honestly when 'put it on chain' is the wrong answer.
What we deliver
6 capabilities, one bench.
Smart contracts, DeFi, dApps, NFT standards, custody, and enterprise integration with chains that matter.
- 01
Smart Contract Development
Solidity, Vyper, Move — audited, gas-optimized, upgrade-aware.
- 02
DeFi Platforms
AMMs, lending markets, yield strategies, and treasury tooling.
- 03
Web3 dApps
Wallet-first user experiences with off-chain indexing.
- 04
NFT & Token Standards
ERC-721/1155, royalty enforcement, on-chain provenance.
- 05
Custody & Wallets
MPC custody, hardware-backed signing, account abstraction.
- 06
Enterprise Chain Integration
Permissioned networks, oracle bridges, audit-grade tracing.
How we engage
4 phases, in writing.
The methodology shows up in the statement of work — not as slogans, but as deliverables, owners, and acceptance criteria.
- 01
Threat modeling and value-at-risk
Discovery starts with the question 'what's the worst that can happen, and what does it cost'. We model the value-at-risk envelope, identify the trust assumptions, design the upgrade and admin pattern (or commit to immutability where appropriate), and produce a security threat model that becomes the audit scope. Architecture decisions land in writing before code does.
- 02
Engineering with adversarial test discipline
Every smart contract ships with a unit suite, a property-based fuzzing campaign (Foundry / Echidna), a differential test harness against the reference implementation where one exists, and an invariant suite. Off-chain components — indexers, relayers, front-ends — are tested against unstable RPC endpoints and hostile MEV conditions, not the happy path.
- 03
External audits before mainnet
We do not deploy contracts holding meaningful TVL without external audit. We coordinate with audit firms (we have working relationships with several reputable ones), stage code for audit at the right phase, manage findings and remediation, and ship the audit report alongside the contract. For contracts above a customer-defined value threshold, we recommend formal verification of the critical invariants.
- 04
Operating discipline on day one
Mainnet launch comes with a documented incident response plan, named on-call, monitoring on critical invariants, an upgrade-and-pause runbook, and a treasury custody pattern that actually survives. Many of our engagements continue under Managed Services for ongoing chain monitoring and quarterly audits as the protocol evolves.
Capabilities
What’s in scope.
- Smart contracts: Solidity, Vyper, Move — audited and formally verified
- DeFi: AMMs, lending markets, yield strategies, treasury and risk tooling
- Web3 dApps: wallet-first UX, off-chain indexing, gasless transactions
- NFT and token standards: ERC-721/1155, royalty enforcement, on-chain provenance
- Custody: MPC wallets, hardware-backed signing, account abstraction (ERC-4337)
- Enterprise chain integration: permissioned networks, oracle bridges, audit tracing
- Adversarial testing: Foundry fuzzing, Echidna, Halmos, Slither, Mythril
- Formal verification of critical invariants where value-at-risk warrants it
Stack
Tools we use in production.
- Smart contract languages
- SolidityVyperMoveCairoRust (Solana)
- Chains
- EthereumOptimismBaseArbitrumPolygonSolanaAptos
- Dev tooling
- FoundryHardhatAnchorMove CLITenderly
- Security & testing
- SlitherMythrilEchidnaHalmosCertoraManticore
- dApp frontend
- Next.jsRainbowKitwagmiviemethers.js
- Off-chain & indexing
- The GraphGoldskySubsquidPostgres + custom indexers
Selected work
Quantified outcomes, not adjectives.
- 01DeFi
$340M
TVL operated post-relaunchLending protocol redesign and audit remediation for a top-50 DeFi platform.
Re-architected the protocol's collateral management, risk parameters, and governance frame after a near-miss exploit. Three external audits, formal verification of critical invariants, and a phased relaunch under explicit value caps.
9 months
- 02Enterprise / Tokenization
$120M
issuance in first yearTokenized real-world-assets platform for an institutional issuer.
ERC-3643-aligned compliant token issuance, KYC-gated transfers, and on-chain investor records integrated with the issuer's existing back-office. Permissioned chain deployment with audited bridge to Ethereum mainnet.
11 months
- 03Consumer Web3
94%
first-time-success transaction rateAccount-abstraction wallet for a consumer fintech with 240K users.
ERC-4337 smart accounts with social recovery, sponsored gas, and session keys for in-app actions. MPC hot-wallet for app operator with hardware-backed cold storage. Migration tooling for users coming off EOA wallets.
7 months
Common questions
Asked before the first call.
- 01
Do you build for production or only POCs?
Production only — the same as every other practice at Prosigns. We don't take on POC-only blockchain engagements; the failure modes for unaudited or under-tested contracts are too expensive. Every engagement scopes to mainnet deployment with audit, monitoring, and incident response runbooks. POC-style work is better served by your internal R&D function or a different vendor.
- 02
Which chains do you actually have shipped experience on?
By production deployment volume: Ethereum and L2s (Optimism, Arbitrum, Base, Polygon zkEVM) lead. Solana for high-throughput and consumer use cases. Aptos / Sui (Move) for tokenization and enterprise. We have shipped permissioned-network deployments (Hyperledger Besu, Polygon Edge, R3 Corda) for institutional clients. We will tell you honestly when a chain choice is being driven by hype rather than fit.
- 03
Do you do audits, or do you commission external ones?
Both, depending on scope. CITADEL (security) runs internal review on every engagement — adversarial testing, code review, and threat modeling. For contracts holding meaningful TVL, we coordinate one or more external audits with reputable firms (we maintain working relationships with several, listed in the engagement memo). For institutional clients above a defined value threshold, we recommend formal verification of critical invariants.
- 04
What about MEV and front-running protection?
Designed in from architecture, not patched post-launch. We use commit-reveal, batched matching, private order flow (MEV-Share, MEV-Blocker), and protocol-owned sequencing where the threat model warrants it. We also tell you when a workload is fundamentally MEV-exposed and the right answer is a different architecture or chain.
- 05
How do you handle key custody and governance?
We design the trust model first — who can do what, under which constraints, with which recovery path. MPC for hot operations, hardware-backed cold storage for treasury, multisigs with named human owners and explicit time-locks for governance. We will tell you when a 'decentralized' design is one multisig away from being centralized — and document the tradeoffs in writing.
- 06
Can you support enterprise / regulated chain deployments?
Yes. We've shipped permissioned-network deployments for financial services, supply chain, and government clients, including KYC-gated token issuance under ERC-3643 / ERC-1404 patterns and bridge architectures to public chains. Compliance evidence is collected continuously rather than retrofitted before a regulator inquiry.
- 07
What does a blockchain engagement cost?
Threat modeling and architecture: 4–6 weeks, $60K–$180K. Production smart-contract development with audit: 4–9 months, $500K–$2M depending on protocol complexity and value-at-risk. Multi-chain platforms with custody and dApp: $1.5M–$5M+. Managed services for ongoing chain monitoring and audit cadence: $40K–$150K monthly retainer. External audit fees pass through to the customer at cost. Brackets published honestly so visitors self-qualify before the first call.
Related practices
Often paired with Blockchain & Web3.
Talk to us
Bring a blockchain & web3 problem. We’ll bring a senior engineer.
A senior engineer plus the MESH department lead joins the first call. No discovery gauntlet, no junior reps, no obligation.