Taran.Space has delivered 15 Cosmos ecosystem security reviews across Cosmos SDK chains, CosmWasm smart contracts, IBC and bridge integrations, GnoLand VM work, DeFi modules, governance systems, and cross-chain execution layers. Our Cosmos track spans both Rust-heavy CosmWasm projects and Go-based Cosmos SDK/Tendermint systems, including audits for Axelar, DAO DAO, Dymension, GnoLand, Hyperlane, MANTRA, Osmosis, THORChain, Timewave, and ZIGChain.
Hyperlane connects blockchain networks through a modular interoperability layer for cross-chain messaging and application deployment. The review was delivered under the Oak Security brand and covered Hyperlane’s CosmWasm integration components, including Cosmos-to-EVM messaging, mailbox behavior, hooks, interchain security modules, and warp-route logic.
The work focused on cross-chain message validity, replay resistance, Merkle tree handling, multisig ISM verification, validator and threshold assumptions, fee and gas behavior, and the integration risks that appear when interoperability infrastructure spans multiple execution environments.
THORChain is a cross-chain liquidity network that enables native asset swaps across blockchain ecosystems. We contributed to Oak Security’s review of THORChain hard-fork-related validator and Cosmos upgrade logic, focusing on protocol-update safety for the network.
The work covered validator-scheduled upgrade behavior, Cosmos hard-fork assumptions, Go implementation details, and failure modes that could affect network coordination during protocol transitions.
GnoLand is a Layer 1 smart-contract platform built around Gno, an interpreted and deterministic language derived from Go. In public Oak Security engagements, we reviewed GnoLand’s smart-contract and execution infrastructure, including the on-chain Gno language interpreter.
The work covered interpreter behavior, VM and runtime assumptions, memory-management behavior around garbage collection, type-checking logic, contract execution, and the correctness of core platform components.
Dymension is a Cosmos-based network for modular appchains and RollApps, combining Cosmos SDK infrastructure with execution-layer components derived from the RDK and EVMOS stack. Across several Oak Security reports, our work covered core network logic, Cosmos SDK modules, and EVM-compatible execution surfaces involved in Dymension’s protocol architecture.
The reviews focused on chain-level correctness, upgrade and execution assumptions, module behavior, and the interaction between Cosmos-native infrastructure and EVM-facing components. The project adds a strong Cosmos, Go, and EVM protocol-security case to the portfolio.
Nym is decentralized privacy infrastructure built around a mixnet that protects network-level metadata as well as message contents. Through Oak Security, we reviewed Nym’s mixnet-related on-chain components, vesting logic, and wallet security.
The review focused on user safety, key-management risk, distribution correctness, and the contract logic supporting participation, rewards, and long-term network operation.
ZIGChain is a Cosmos-based Layer 1 focused on wealth management, DeFi infrastructure, and on-chain financial applications. The audits were published by Oak Security, with our work covering multiple ZIGChain releases across custom chain modules, the x/dex module, reward-contract logic, and updates across Cosmos SDK, CosmWasm, and EVM-compatible integration surfaces.
The work spanned application-level DeFi behavior and chain infrastructure, including swap and DEX logic, reward accounting, module validation paths, smart-contract execution assumptions, and the operational safety of financial flows built into the network.
DAO DAO provides Cosmos-based infrastructure for creating and managing decentralized organizations. Its smart-contract system supports governance, treasury operations, staking and voting modules, proposal execution, and factory extensions used by DAOs across IBC-enabled ecosystems.
Our Oak Security work covered multiple DAO DAO releases, including vesting, payroll, rewards distribution, voting, and permission-granularity components. The review focused on CosmWasm/Rust contract correctness, governance execution safety, token and delegation edge cases, and the financial flows that support DAO operations.
Osmosis Transmuter is a CosmWasm/Rust component for converting between multiple assets within the Osmosis ecosystem. In Oak Security’s public reviews, we examined two versions of the Transmuter contracts, focusing on multi-asset swap behavior, conversion correctness, validation paths, and edge cases that could break accounting or allow invalid asset movement.
The work covered the invariants behind specialized liquidity and conversion flows, including how token balances, swap behavior, and contract validation interact inside a production Cosmos DeFi environment.
Centauri connected the Cosmos and Polkadot ecosystems through IBC-style light-client bridging. Our Oak Security work covered Centauri’s verification logic, relayer assumptions, trust boundaries, and the security model behind moving messages and assets between Cosmos chains and DotSama networks.
A later review covered fixes for the Grandpa CosmWasm Light Client, extending the work into proof verification and finality-related bridge logic. The engagement focused on cross-chain correctness, light-client assumptions, and the failure modes that can appear when two different interoperability ecosystems meet.
MANTRA is an EVM-compatible Layer 1 built around real-world assets and on-chain financial infrastructure. Our Oak Security work covered multiple MANTRA tracks, including DEX functionality, airdrop logic, and later claimdrop-update components across the MANTRA ecosystem.
The reviews focused on DeFi execution paths, token distribution flows, smart-contract correctness, and integration surfaces across Cosmos, EVM, Solidity, Rust, and Go components. The project adds a broad real-world-asset DeFi case with both chain-level and application-level security scope.
Asteroid Bridge is a Cosmos bridge project by Delphi Labs, built for moving assets and messages across connected blockchain environments. Under the Oak Security engagement, our review focused on bridge security, message-validation logic, and cross-chain trust assumptions across the bridging flow.
The work covered validation paths, asset-transfer assumptions, replay and message-integrity concerns, and the contract or protocol conditions needed to keep cross-chain movement consistent and safe.
Magma Vaults builds DeFi vault infrastructure in the Cosmos ecosystem. In the Oak Security review, we examined Magma Core, focusing on the core vault logic and protocol behavior behind the Magma Vaults codebase.
The work covered vault accounting, liquidity-handling assumptions, contract correctness, and failure modes that could affect user funds or protocol operation. A later fix review addressed a liquidity-overflow issue and was reflected in the updated public report.
Neptune is a Cosmos/Rust protocol developed by Cryptech Developments. For Oak Security, we reviewed Neptune update work focused on the security of the codebase and the correctness of protocol-update logic.
The work covered smart-contract and protocol behavior, update safety, validation paths, and failure modes that could affect protocol operation. A later report update incorporated a missed vulnerability after fix review and publication approval.
Timewave Computer builds cross-chain automation infrastructure for the Cosmos ecosystem. We joined Oak Security’s public reviews of Timewave’s Valence Services and Covenants, focusing on CosmWasm/Rust contract behavior, IBC integration assumptions, cross-chain service workflows, and privileged-role safety.
The work covered the correctness of automated actions that depend on interchain state and messaging, including validation paths, role boundaries, and operational controls needed for secure cross-chain execution.
Coinhall Genie is a Cosmos DeFi product built with CosmWasm smart contracts. In an Oak Security audit funded through Osmosis Grants Company, we reviewed the Genie contract logic and the security of the product flow.
The work focused on Rust/CosmWasm contract correctness, validation paths, state transitions, and risks that could affect user interactions or financial behavior inside the Genie application.
Axelar is a cross-chain General Message Passing platform that enables applications to coordinate swaps, calls, and token movement across multiple blockchain networks. Taran Space participated in the public Code4rena audit competition for Axelar Network, reviewing both Rust and Solidity contracts across the Interchain Token Service and gateway-related scope.
The work focused on cross-chain token flows, gateway behavior, message handling, and implementation risks across code that connects EVM and Cosmos environments.
Whether you're gearing up for a thorough audit or are still in the planning stages of your project, we encourage you to get in touch. Our expertise extends to architecture and security consulting, catering to a diverse range of needs. Rest assured, all inquiries are attentively processed during business hours. You can expect a response within an hour; however, we appreciate your patience if it occasionally takes a few days.
