What Grid Audit does — and doesn’t — promise
We help you identify security issues and risk signals. We cannot control what happens to an application or website after we assess it. Please read this before relying on any report, certification, or Site Safety Check.
Every assessment is point-in-time
A Grid Audit or Site Safety Check reflects only what we could observe at the moment it ran. Code, configuration, hosting, content, and ownership can change at any time afterward — including immediately after the scan. A result is never a guarantee, a warranty, or an endorsement, and the absence of a finding is not proof that no risk exists.
What does a Grid Audit actually do?
Grid Audit runs a suite of automated security agents against an application or website and reports the issues and risk signals they find, along with plain-language explanations and recommended fixes. The goal is to help you identify and remediate weaknesses.
An audit is a point-in-time assessment. It tells you what we were able to observe, from the outside, at the moment the scan ran — not a permanent statement about the target.
Does an audit guarantee that my application (or a checked site) is secure?
No. No security audit — automated or manual — can guarantee that an application is secure or find every possible vulnerability. Testing is largely automated and limited to the surface that is reachable at scan time.
The absence of a finding does not mean the absence of all risk. A clean result means we did not detect a problem in what we tested, not that no problem exists. Treat the report as one input into your own security decisions, not a certificate of safety.
What does "point in time" mean, and why does it matter so much?
Every assessment reflects the state of the target at the specific date and time it was scanned. Code, configuration, hosting, DNS, dependencies, page content, and even ownership of a site can all change at any moment afterward — including immediately after the scan finishes.
Because of that, a result is only meaningful for the moment it was produced. We strongly recommend re-running an audit whenever the application changes, and re-checking a third-party site each time before you rely on it.
You checked a site and marked it "Likely Safe" — then it turned malicious or got hacked. Who is responsible?
Grid Audit identifies and reports issues to the best of its automated ability. We do not operate, control, or continuously monitor the sites and applications we assess — most of them belong to third parties — and we cannot prevent, detect in real time, or be responsible for what happens to a target after an assessment.
A "Likely Safe" or any other result is not a guarantee, an endorsement, or a recommendation to send your users somewhere. It is a snapshot of passive signals at one moment. A site that looked clean can be changed, updated, or compromised minutes later. You remain responsible for your own decision to use, link to, or send users to any site, and for monitoring it over time.
What does the Site Safety Check look at — and what does it NOT?
The Site Safety Check is a passive reputation review. It looks at signals such as threat-intelligence blocklists, domain age and registration, certificate validity, hosting/IP reputation, brand-impersonation and look-alike patterns, and visible page-content red flags (for example, fake wallet-connect prompts or seed-phrase harvesting). It does not log in, attack, or intrusively test the site.
Because it is passive and external, it cannot see server-side logic, content shown only to certain users or regions, behavior that triggers later, or a site that is altered after the check. It can produce both false positives and false negatives. Use it as an early-warning signal, not a final verdict.
What does a Grid certification (e.g. "GRID VERIFIED") mean — and not mean?
A Grid certification reflects that, at the time of review, the project passed our technical assessment for the level shown, after any remediation and retesting. It is a statement about a point-in-time technical review.
It is not a guarantee of ongoing security, a warranty, insurance, or a promise that the project is risk-free or trustworthy in every respect. As the application evolves, its security posture can change; certifications are meant to be renewed as that happens.
What is explicitly out of scope?
Grid Audit does not take custody of funds or request private keys. We do not review tokenomics or economic models, and we do not provide financial, investment, or legal advice.
We also do not perform destructive or denial-of-service testing, social engineering, physical security assessments, or authenticated testing without explicit approval. Our checks are designed to be safe, read-only, or canary-only.
Automated vs. manual — how thorough is this?
The core of every audit is automated analysis, which is fast, repeatable, and broad. Automation is excellent at coverage but cannot replace human judgment for complex business-logic flaws or context-specific risk.
For higher assurance, supplement automated results with manual review, and consider an authenticated run (with session credentials) so that checks which require a logged-in session can run.
How often should I re-audit?
Re-audit whenever you ship meaningful changes — new endpoints, auth changes, dependency upgrades, infrastructure changes — and on a regular cadence even if nothing obvious has changed. Security is an ongoing process, not a one-time event.
Is any of this financial or legal advice?
No. Grid Audit provides technical security assessments only. Nothing in a report, certification, or Site Safety Check is financial, investment, or legal advice, and nothing should be relied on as such.
Who is responsible for acting on the findings?
You are. We surface issues and recommend fixes; deciding what to remediate, accept, or defer — and verifying that fixes work — is the owner’s responsibility. Any action taken based on a Grid Audit report or check is your own decision.
Summary of limitations
- Reports and checks are point-in-time and provided “as is.” They are not warranties, insurance, guarantees of safety, or endorsements.
- We identify issues; we do not control, operate, or monitor targets after an assessment, and are not responsible for changes made to them afterward.
- No audit can find every vulnerability. A clean result means no problem was detected in what was tested, not that none exists.
- You are responsible for your own security decisions, for acting on findings, and for re-checking as things change.
- Grid Audit does not provide financial, investment, or legal advice.
Still have questions?
Read our audit framework for how assessments are run, or submit your project for a review.