Taran.Space has delivered 5 cryptographic-proof and verification-heavy security projects across ZK-adjacent L2 systems, TEE/ZK multiproof finality, light-client bridge verification, Ethereum consensus serialization, elliptic-curve cryptography, prover resource-safety risks, and proof-path integration. The work covers Base Azul, Centauri, Snowbridge, SSZ, and ZKsync OS, with attention to proof verification, finality assumptions, serialization correctness, verifier integration, denial-of-service risk, and cryptographic edge cases.
ZKsync OS is a new RISC-based execution system for the next generation of ZKsync. Taran Space reviewed core components across multiple engagements, including the bootloader, transaction processing, EVM implementation, cache logic, and L2 interoperability paths at the center of the rollup architecture. The work also included a dedicated cryptography review focused on elliptic-curve components and proof-adjacent logic.
Across the engagements, the review covered execution correctness, transaction lifecycle safety, implementation-level edge cases, and the cryptographic foundations supporting the system’s security model.
Snowbridge is a trustless bridge between Polkadot and Ethereum, using light-client verification instead of a trusted multisig or external validator set. Working as part of Oak Security’s team, we reviewed multiple releases, focusing on the boundaries between consensus assumptions, bridge logic, and Solidity/EVM execution.
Review scope included proof validation, replay resistance, finalized-state assumptions, and contract-side logic for accepting or rejecting cross-chain updates. The work combined cryptographic protocol review with production cross-chain infrastructure security.
Hyperlane connects blockchain networks through a modular interoperability layer for cross-chain messaging and application deployment. The review was delivered under the Oak Security brand and covered Hyperlane’s CosmWasm integration components, including Cosmos-to-EVM messaging, mailbox behavior, hooks, interchain security modules, and warp-route logic.
The work focused on cross-chain message validity, replay resistance, Merkle tree handling, multisig ISM verification, validator and threshold assumptions, fee and gas behavior, and the integration risks that appear when interoperability infrastructure spans multiple execution environments.
Tell us what you’re building and what kind of security support you need. Telegram is usually the fastest way to reach us. For formal inquiries, you can also use email.
