Taran.Space has delivered 10 dedicated cross-chain security projects across bridges, interoperability protocols, cross-chain messaging stacks, IBC workflows, light-client verification, atomic-swap DEX design, and asset-transfer systems. We also review L1-L2 interoperability and rollup settlement paths in L2 systems such as ZKsync OS and Base Azul, covering message validity, replay resistance, proof verification, relayer assumptions, gateway safety, dispute-game integration, and cross-chain trust boundaries.
Snowbridge is a trustless bridge between Polkadot and Ethereum, using light-client verification instead of a trusted multisig or external validator set. Working as part of Oak Security’s team, we reviewed multiple releases, focusing on the boundaries between consensus assumptions, bridge logic, and Solidity/EVM execution.
Review scope included proof validation, replay resistance, finalized-state assumptions, and contract-side logic for accepting or rejecting cross-chain updates. The work combined cryptographic protocol review with production cross-chain infrastructure security.
VIA Labs builds cross-chain messaging infrastructure for moving data and value between blockchain networks. In a Hashlock-branded engagement, we reviewed VIA Labs’ Stellar/Soroban Rust messaging stack, covering client, fee-handler, gas-handler, message-client, and message-gateway components.
Scope centered on cross-chain message safety, gateway replay protection, destination-chain binding, processed-state handling, Soroban storage behavior, signer and finality assumptions, ABI decoding, and fee/gas handling across the messaging stack.
Hyperlane connects blockchain networks through a modular interoperability layer for cross-chain messaging and application deployment. The review was delivered under the Oak Security brand and covered Hyperlane’s CosmWasm integration components, including Cosmos-to-EVM messaging, mailbox behavior, hooks, interchain security modules, and warp-route logic.
The work focused on cross-chain message validity, replay resistance, Merkle tree handling, multisig ISM verification, validator and threshold assumptions, fee and gas behavior, and the integration risks that appear when interoperability infrastructure spans multiple execution environments.
THORChain is a cross-chain liquidity network that enables native asset swaps across blockchain ecosystems. We contributed to Oak Security’s review of THORChain hard-fork-related validator and Cosmos upgrade logic, focusing on protocol-update safety for the network.
The work covered validator-scheduled upgrade behavior, Cosmos hard-fork assumptions, Go implementation details, and failure modes that could affect network coordination during protocol transitions.
Dymension is a Cosmos-based network for modular appchains and RollApps, combining Cosmos SDK infrastructure with execution-layer components derived from the RDK and EVMOS stack. Across several Oak Security reports, our work covered core network logic, Cosmos SDK modules, and EVM-compatible execution surfaces involved in Dymension’s protocol architecture.
The reviews focused on chain-level correctness, upgrade and execution assumptions, module behavior, and the interaction between Cosmos-native infrastructure and EVM-facing components. The project adds a strong Cosmos, Go, and EVM protocol-security case to the portfolio.
Mythical Games builds blockchain infrastructure for games, digital assets, and player-owned economies. Our Oak Security work covered Mythical’s Polkadot parachain runtime, XCM configuration, and Ethereum-account handling primitives.
The review focused on runtime and transaction-safety risks, including cross-chain configuration assumptions, account-handling behavior, and protocol logic that affects how assets and transactions move through a Substrate-based gaming chain.
Centauri connected the Cosmos and Polkadot ecosystems through IBC-style light-client bridging. Our Oak Security work covered Centauri’s verification logic, relayer assumptions, trust boundaries, and the security model behind moving messages and assets between Cosmos chains and DotSama networks.
A later review covered fixes for the Grandpa CosmWasm Light Client, extending the work into proof verification and finality-related bridge logic. The engagement focused on cross-chain correctness, light-client assumptions, and the failure modes that can appear when two different interoperability ecosystems meet.
Asteroid Bridge is a Cosmos bridge project by Delphi Labs, built for moving assets and messages across connected blockchain environments. Under the Oak Security engagement, our review focused on bridge security, message-validation logic, and cross-chain trust assumptions across the bridging flow.
The work covered validation paths, asset-transfer assumptions, replay and message-integrity concerns, and the contract or protocol conditions needed to keep cross-chain movement consistent and safe.
Helix Bridge is cross-chain infrastructure for moving assets between blockchain networks. As part of Oak Security’s audit work, we reviewed Helix Bridge and xToken components, focusing on bridge security and cross-chain asset-transfer logic.
The review covered Solidity/EVM contract behavior, transfer validation, message and asset-flow assumptions, and the kinds of trust-boundary issues that can affect bridge correctness across chains.
Timewave Computer builds cross-chain automation infrastructure for the Cosmos ecosystem. We joined Oak Security’s public reviews of Timewave’s Valence Services and Covenants, focusing on CosmWasm/Rust contract behavior, IBC integration assumptions, cross-chain service workflows, and privileged-role safety.
The work covered the correctness of automated actions that depend on interchain state and messaging, including validation paths, role boundaries, and operational controls needed for secure cross-chain execution.
RoofRide is a cross-chain DEX built around atomic swaps, designed to let users exchange assets between Layer 1 blockchains without relying on a centralized exchange or custodial intermediary. Taran Space designed and prototyped the system, including Solidity smart contracts, a web application prototype integrated with the Helios light client, and a custom off-chain P2P transport protocol for distributing and executing swap orders.
The work covered cross-chain exchange architecture, swap execution flows, Solidity contract behavior, light-client-assisted verification, and the networking layer needed to coordinate orders outside a centralized backend.
Helios is a lightweight Ethereum client that lets applications verify blockchain data directly instead of relying entirely on trusted RPC providers. Taran Space built a Helios-based integration prototype for trust-minimized Ethereum state access inside a cross-chain application flow.
The work connected light-client verification with application-layer execution, showing how a web application can use verified Ethereum data while preserving a practical user experience. Scope included Helios integration, finality and checkpoint assumptions, EVM-facing contract context, and the reliability of data used in cross-chain decision-making.
Axelar is a cross-chain General Message Passing platform that enables applications to coordinate swaps, calls, and token movement across multiple blockchain networks. Taran Space participated in the public Code4rena audit competition for Axelar Network, reviewing both Rust and Solidity contracts across the Interchain Token Service and gateway-related scope.
The work focused on cross-chain token flows, gateway behavior, message handling, and implementation risks across code that connects EVM and Cosmos environments.
Synternet, formerly Syntropy, builds infrastructure for real-time multichain data, decentralized data marketplaces, and access to indexed blockchain information. Its ecosystem centers on data-layer infrastructure for applications that need live cross-chain signals, monitoring, and execution-ready data.
Taran Space worked with the team on decentralized infrastructure research and prototyping, including designs built with Polkadot SDK, Polygon Edge, and ChainBridge. The engagement focused on protocol architecture, interoperability, and the reliability of systems that coordinate data and execution across decentralized networks.
Tell us what you’re building and what kind of security support you need. Telegram is usually the fastest way to reach us. For formal inquiries, you can also use email.
