Cristiano Maciel Silva holds a Ph.D. in Computer Science (2014), an MBA (2010), an MSc in Computer Science (2005), and a BSc in Computer Science (2000). Since 2022, he has led the Security Business Unit at Nethermind. Before this, he worked as a Research Engineer at Quantstamp. Recognized as a distinguished researcher by CNPq (Brazilian National Council for Scientific and Technological Development) since 2017, he also served as an Associate Professor and Head of the Department of Technology at UFSJ, Brazil, from 2010 to 2020. Earlier in his career, he managed a team of over 100 engineers at Capgemini. He has 120+ published scientific articles and over 1,340 citations in Google Scholar.
Nethermind Security provides security for EVM and Starknet protocols, large infrastructure projects, zero-knowledge, Web2 projects, and highly critical off-chain components.
What makes our audits stand out is multifaceted. Our team possesses exceptional academic rigor. This strong theoretical foundation supports the practical expertise we bring to every audit.
The workplace is excellent. Our core value is helping others. We avoid internal and external competition. We aim to use our skills to serve our colleagues, company, and clients.
We combine academic excellence with an agile and collaborative audit process. We have developed a new working method that integrates us deeply with our clients. Our approach includes frequent syncs, at least twice a week, and direct communication between our auditors and their developers, without relying on intermediaries. This close collaboration helps us build a strong understanding of the protocol’s business logic and allows for more thorough, context-aware audits. We are willing to invest more time in the process if it leads to better outcomes.
Nowadays, 70 percent of our capacity is filled by recurrent clients, without any business development effort on our end.
Our 70% repeat client rate reflects the trust we earn through this approach. Clients return not only for our technical capability but also because they view us as long-term security partners invested in their success. Nethermind Security offers a blend of academic knowledge, comprehensive security services, and a collaborative approach that reshapes the audit experience.
Our ideal clients include DeFi protocols, Layer 2 solutions, infrastructure projects, off-chain components, and institutional-grade blockchain applications. We have a proven track record of working with leading projects in each of these areas.
Trusted by the best: our clients include World, Starknet, Lido, Polygon, zkSync, Optimism, Braavos, AVNU, E-kubo, Vana, EtherFI, TempleDAO, Gyroscope, Gaia Network, Summon, and many more.
Yes, we are seeing growing interest in verifying ZK circuits, and many teams are building very sophisticated off-chain components. The quality of development teams in the blockchain space is exceptionally high — it seems this field attracts some of the best technical talent in computer engineering.
Additionally, the role of smart contract auditors is rapidly evolving beyond traditional code review. While technical rigor remains essential, auditors are increasingly expected to understand the broader context of the systems they assess, including protocol design, economic assumptions, and governance models. This shift positions auditors as business analysts who not only identify vulnerabilities in code but also evaluate whether the system behaves as intended, aligns with strategic goals, and mitigates systemic risks. As protocols grow more complex and interconnected, this holistic approach to auditing is becoming critical to ensuring long-term resilience and success.
A smart contract security audit is an independent review of a contract’s code to identify vulnerabilities, weaknesses, or areas for improvement. Audits are more than just finding bugs. An audit ensures the contract functions as intended, avoids unnecessary risk, meets its specifications, and has a clear market target. A collaborative audit process builds trust and helps clients proactively approach security.
The risks are substantial. Projects can suffer financial losses from exploits, face reputational harm, and lose user trust. There are many examples where unaudited or poorly audited smart contracts led to millions of dollars in losses.
We encourage developers to achieve over 90 percent in test coverage, maintain thorough documentation, and address gas inefficiencies early. Time invested in these areas before the audit begins helps ensure a more streamlined and effective process.
Our process combines manual and automated techniques. Manual reviews are essential for detecting complex logic flaws and understanding how different parts of the code interact. We use automated tools to identify common vulnerability patterns and provide broad coverage. Our testing methodologies also include fuzzing, white-box, and black-box testing to ensure a comprehensive security assessment.
Nethermind has also developed an AI tool to support Smart Contract Audits, AuditAgent, which we have incorporated into our audit cycle.
We require clients to perform an internal audit before submitting their code for our review. This practice helps us avoid spending time on minor, easily detectable issues and allows us to focus on what truly matters. The most critical vulnerabilities typically reside in the implementation of business logic — these are also the hardest to uncover.
Understanding business logic flaws demands several days of deep analysis to fully grasp how the protocol should function. These issues are crucial because they can fundamentally alter the system's behavior. Without catching them during the audit, clients may not realize for months that their protocol isn't operating as designed. Such misalignment carries serious consequences — marketing efforts, business plans, and user expectations might all be built around a product that behaves differently in production than intended.
Early warning signs include poorly documented code, low test coverage, and ad-hoc or overly complex architecture. These can make the code harder to understand and more vulnerable to issues.
We maintain high audit quality through internal mentoring, peer support, and continuous knowledge sharing within our experienced team. We do not foster internal competition. Our sustainable workload model, in which each team audits only 700 lines per week, no auditor runs two audits in parallel, and nobody works on weekends, helps avoid burnout and supports in-depth reviews. Team stability and close-to-zero turnover ensure consistent standards and allow for practical training of new members.
By following this strategy, our team doubles the gross revenue annually. The secret is simple: just take care of people. It doesn't matter if they’re clients, peers, colleagues, those above us, those who report to us, or even competitors. We treat everyone with the same respect, humility, and willingness to collaborate. Ultimately, we're just people doing our jobs to make a better future.
We anticipate significant growth in the use of AI tools for both writing and auditing smart contracts. Our team is prepared and eager to begin auditing AI-generated protocols. As we enter this new era, auditors must develop AI expertise. AI will introduce novel types of vulnerabilities we haven't seen before. These exciting developments are on the horizon. Let's embrace them and help shape a new world.
At Nethermind Security, we blend deep technical expertise with a tailored audit process to safeguard your smart contracts.