TL;DR: Independent smart contract audits complete on COTI’s private ERC-20 tokens and the upcoming Privacy Portal. Sayfer joins COTI as a long-term security advisor for new privacy infrastructure.

Introduction

COTI is excited to announce a partnership with Sayfer, a leading Web3-native cybersecurity consultancy that has secured billions in assets across 100+ global clients, including MetaMask, 1inch, Polkadot, Tezos, Binance Smart Chain, StarkWare, and Tenderly.

Sayfer has completed a comprehensive smart contract security audit of the infrastructure powering COTI’s next wave of privacy products, and is joining the COTI ecosystem as a trusted, long-term security advisor as COTI continues rolling out new privacy-preserving infrastructure.

As COTI continues to build out its all-in-one privacy protocol, it’s essential that the underlying code is battle-tested. With Sayfer on board, COTI users, developers, and institutions can build and transact with the assurance of industry-leading security.

Meet Sayfer: Industry-Leading Web3 Security

Founded in 2019, Sayfer is a Web3-native cybersecurity consultancy specializing in offensive-defense methodology, closing the gaps that standard security products miss. Their services span smart contract audits, penetration testing, cloud infrastructure audits, private key protection, and broader security consulting.

What sets Sayfer apart is their track record: zero client hacks to date. Their core offering is deep, line-by-line smart contract audits and high-end penetration testing for Web3 protocols, dApps, and supporting infrastructure. Sayfer’s security work is delivered by senior researchers who secure the full stack: smart contracts, blockchain infrastructure, wallets and key management, cloud environments, and web and mobile applications.

How Are COTI And Sayfer Working Together?

Sayfer conducted a multitude of independent smart contract security audits for two new additions to COTI’s privacy stack and major product releases.

1. Private Tokens on COTI Network (p.tokens)

Sayfer audited the smart contracts behind COTI’s upcoming release of private ERC-20 tokens. These are the contracts that encrypt token balances on-chain using Garbled Circuits, enabling users to hold, send, and receive private tokens with balances only they can see.

Audit scope covered encrypted balance logic, RPC handlers, key management flows, token import and validation, encrypted payload parsing, and more. Every finding from the audit was addressed and resolved by the COTI team before launch.

2. Privacy Portal Smart Contracts

Sayfer also audited the smart contracts powering the upcoming COTI Privacy Portal, the web application that lets users convert supported public tokens into a private token in one click, and back again. This gives users the ability to turn tokens private and take advantage of the lowest cost and fastest private tokens in the world. Built on the same private ERC-20 infrastructure, the Portal contracts were stress-tested by Sayfer’s senior researchers before launch.

3. MetaMask Snap Upgrade

The latest version of the COTI MetaMask Snap will introduce full support for ctUint256, the 256-bit confidential ERC-20 standard unlocked by the Helium Mainnet upgrade.

This upgrade will debut a series of privacy features, including private NFT support, multi-network switching between COTI Mainnet and Testnet, smarter gas handling, and a redesigned send flow, all geared toward the introduction of private tokens on COTI.

MetaMask Snap is the primary interface for interacting with private tokens created through the Privacy Portal, which was fully audited by Sayfer.

What’s On Sayfer’s Roadmap?

Beyond core audit and penetration testing services, Sayfer is preparing to launch an AI-powered security layer that brings continuous, real-time auditing to Web3, moving past the traditional point-in-time audit model.

The upcoming product pairs senior auditor expertise with AI to deliver continuous monitoring, automated vulnerability detection, and live security insights across smart contracts and protocol infrastructure. Teams can ship faster without waiting for the next audit cycle, and COTI will gain an always-on security monitoring system.

Hardened Security for an Expanding Privacy Ecosystem

COTI will continue to utilize Sayfer’s services, as they serve as a trusted security advisor for COTI’s new privacy-preserving infrastructure and features. As our suite of privacy products expands, Sayfer will be there to audit and ensure hardened security at every layer of the stack.

By pairing Sayfer’s security methodology with COTI’s Garbled Circuits-powered privacy layer, the partnership addresses a specific, critical problem: ensuring that confidential computation on a public blockchain is not just fast and flexible, but provably secure at the code level.

COTI users can trust that they are interacting with, holding, and transacting with private tokens on contracts that have been independently reviewed by Web3-native security experts. Similarly, developers and builders can rest assured that they are building on smart contracts that have been stress-tested at the code level.

By pairing Sayfer’s offensive-defense methodology with COTI’s privacy technology, this partnership raises the baseline for what secure, confidential Web3 infrastructure should look like.

A Word From Sayfer’s Leadership

We’ve known the COTI team for a long time. Consistently professional, deeply technical, and always pushing novel tech. It’s been a pleasure securing a project built by people who genuinely care about getting the fundamentals right.

— Or D, CTO & Co-Founder, Sayfer

About Sayfer

To explore Sayfer’s security services, visit sayfer.io. For teams interested in a smart contract audit, head directly to the smart contract audit service page, or schedule a call with the Sayfer team.

You can also follow Sayfer on X, Telegram, and LinkedIn, and browse their public audit reports and research at the Sayfer blog.

About COTI

COTI is the programmable privacy layer for Web3. Built for enterprises, builders, and agents. Powered by high-performance Garbled Circuits and enterprise-grade COTI Nightfall (ZK), COTI enables encrypted computation on any public blockchain. Fast, low-cost, and compliant privacy across DeFi, AI, and beyond.

For COTI updates and to join the conversation:

  • Website: coti.io
  • X: @COTInetwork
  • YouTube: COTI Network
  • Telegram: t.me/COTInetwork
  • Discord: discord.gg/COTI
  • GitHub: github.com/coti-io
  • Vibe Coders Telegram: join here