We audited our own software and found critical bugs
Now you can write blazingly fast smart contracts on Arbitrum with Stylus.
We built StylusPort, a framework for Solana projects to deploy on Arbitrum, in collaboration with Range.
Includes:
• A migration handbook that covers migration instructions, best practices, and lots of examples
• An MCP server to empower your AI toolchain to use the migration handbook and bootstrap your migration
Unlock use cases that need SVM-level performance:
• On-chain ZK-Proof Verification
• Advanced DeFi instruments
The handbook features a detailed technical guide with practical examples and case studies. It translates essential Solana concepts like PDAs and CPI calls into their Stylus counterparts, emphasizing critical security best practices at every step.
Use the framework now, everything you need is on GitHub: https://github.com/oak-security/stylusport
Our toolbox had critical bugs
It’s easy to believe that if you have a great dev team with security experts on board, your codebase will be secure.
If you believe that, you’re probably wrong.
After writing the StylusPort codebase, we conducted an internal review, using our unique blinded auditing methodology, the same process we use for external audits. This meant assigning multiple auditors who had not written the code to review it independently.
They found several bugs. Some were critical, including one that could have stolen funds from previous contract users. In production, that kind of issue could wipe out billions of dollars.
“But wait, you’re the cybersecurity people. Shouldn’t your code be bulletproof?”
The reality: nobody’s code is bulletproof.
Code reviews are just one of many layers in the Swiss cheese model of cybersecurity.
The team that wrote the code was focused on shipping a migration tool that worked, met deadlines, and was easy to use. Even security professionals get tunnel vision when building software: refactor the same part of a system often enough and you know the code too well to see the forest for the trees.
Auditors, on the other hand, don’t know the code, and that’s an advantage. They look at it with one goal: to break it.
Building and breaking are completely different skills. Think of an architect versus a demolition engineer: one specializes in creating structures; the other one knows where to place explosives to make them collapse in seconds.
Why third-party audits are standard
If you visit our GitHub, you’ll see a disclaimer stating that “an internal code/security review has been completed”.
This emphasizes that no third-party audit has been performed, and hints at remaining risk.
Auditors must be neutral. Anyone claiming to have “done their own audit” will be laughed off in our industry. Credibility requires independent reviews – ideally by multiple diverse audit teams.
That’s why the most serious projects today are audited by several firms. Redundancy builds trust with users and investors, and we encourage our clients to do the same.
At Oak Security, we take it a step further: even internally, we apply our signature blinded process to reduce bias and improve audit quality.
How our blinded auditing process works
Each audit is performed by multiple auditors with relevant expertise for your project.
We emphasize redundancy; you can even choose your desired level of it.
Initially, auditors work independently, as if each were compiling their own report. They use a wide range of tools and techniques. Only later do they meet to discuss findings during the consensus meeting, followed by a collaborative phase before compiling the final report.
How this improves the industry and our auditors
When auditing alongside other firms, we typically outperform them, thanks to our ‘blinded’ approach and the caliber of our auditors.
This method reduces bias, fosters healthy competition, and lets us track the performance of each auditor and the team as a whole.
Think of it like having two pilots and one autopilot on a plane. It may seem redundant, but redundancy saves lives, and in cybersecurity, it saves capital.
Our auditors appreciate the freedom this method offers. Most are senior professionals who prefer less client overhead and more time for deep technical work.
We also staff diverse backgrounds: DeFi specialists, cryptographers, economists, and engineers, and each sees different vulnerabilities. This variety consistently helps us find more issues than competitors auditing the same codebase in parallel.
Our process is more robust, less biased, and provides a 360° review of your project.
It maximizes coverage, depth, and confidence.
Book a call or get a quote
Sign up for office hours and let’s make your next deployment bulletproof (or at least, as close as possible).