> For the complete documentation index, see [llms.txt](https://dualguard.gitbook.io/dualguard/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://dualguard.gitbook.io/dualguard/dual-programs/secure-and-prove.md).

# Secure and Prove

***Secure and Prove*** is a co-hosted program run by DualGuard and [DOWSERS](https://www.dowsers.finance/).

It combines adversarial security review with formal verification for smart contracts.

DOWSERS is our formal verification partner. They focus on proving critical smart contract properties under clear assumptions.

### What Secure and Prove includes

Secure and Prove brings together two complementary security methods:

* **DualGuard security review:** finds vulnerabilities, exploit paths, and implementation risks through competitive review.
* **DOWSERS formal verification:** specifies and proves critical contract properties for the selected scope.
* **Shared remediation process:** gives teams actionable findings and clear proof assumptions before launch or upgrade.

### Why this program exists

Security reviews and formal verification solve different problems.

Security reviews are strong at finding unexpected attack paths, edge cases, and implementation mistakes.

Formal verification is strong at proving that critical properties hold across all valid executions of the specified system.

Used together, they give protocol teams deeper confidence in the code that matters most.

### How the program works

{% stepper %}
{% step %}

### Security review on DualGuard

DualGuard runs a security review on the agreed smart contract scope.

This phase is built to find vulnerabilities, edge cases, and implementation risks before launch or upgrade.

Teams get validated findings, severity assessment, and clear remediation guidance.
{% endstep %}

{% step %}

### Formal verification with DOWSERS

DOWSERS specifies and proves critical properties for the selected contracts.

That work focuses on the invariants and safety assumptions that matter most to the protocol design.

Teams get stronger assurance that core properties hold under the stated assumptions.
{% endstep %}
{% endstepper %}

### When Secure and Prove is a good fit

This program is a strong fit when:

* DeFi Protocols with Complex math and several flows
* core contracts protect meaningful user funds
* the protocol has strict safety properties that must always hold
* the team wants stronger assurance before launch, upgrade, or major integration

### Examples of properties that can be proved

The exact properties depend on the protocol design and scope.

Common examples include:

* access control constraints
* accounting and solvency invariants
* limits on minting, withdrawals, or state transitions

### What teams receive

Protocol teams should expect:

* a security review report with validated findings
* a formal verification report that acknowledges the contracts' safety
* clear guidance for remediation and follow-up review

### Next step

If you want to explore ***Secure and Prove***, start with a security review request and note that you want the co-hosted program with DOWSERS.

Request a security review here: <https://staging.dualguard.xyz/for-protocols>
