Taran.Space has delivered 11 DeFi security projects across DEXs, AMMs, stableswaps, stablecoin infrastructure, lending and leveraged staking, vaults, yield distribution, oracle-sensitive flows, token conversion logic, and Cosmos/Solana/EVM smart contracts. The work covers STBL, Bifrost, Coinhall Genie, Hydration, Magma, MANTRA, Neptune, Osmosis Transmuter, ZIGChain, RoofRide, and Yumi Finance, with attention to accounting correctness, invariant safety, oracle integrity, privileged controls, validation paths, and fund-loss risk.
STBL is a stablecoin infrastructure protocol for token issuance, asset management, yield distribution, and operational control. We carried out the review for Hashlock, covering STBL’s Stellar/Rust smart-contract system, including asset issuer, airdrop issuer, USST/STBL token, oracle, registry, access-control, upgrade, and yield-distribution components.
Security work focused on expired-position handling, yield and accounting fairness, token blacklist and pause behavior, vault accounting assumptions, oracle configuration, role administration, and privileged controls across the protocol’s financial flows.
Empowa / NSE Housing connects Cardano smart contracts with a real-world housing-finance application linked to the Nairobi Securities Exchange. Scope included eUTXO transaction design, order-book behavior, and business-critical contract logic used to coordinate financial activity before release.
The work moved from issue discovery through fix validation and final rechecking, with attention to real-world asset flows, regulated-market context, and the reliability expectations of financial infrastructure.
Hydration is a Polkadot DeFi protocol built around shared liquidity infrastructure. In the Oak Security engagement, we reviewed Hydration’s peg-drift stableswap and oracle components, focusing on AMM invariant safety, oracle integrity, and privileged-control risks.
The review covered Substrate-based DeFi logic where pricing, liquidity movement, and administrative controls interact. Scope included stableswap behavior, oracle-dependent assumptions, edge cases around peg drift, and failure modes that could affect liquidity accounting or market correctness.
Nym is decentralized privacy infrastructure built around a mixnet that protects network-level metadata as well as message contents. Through Oak Security, we reviewed Nym’s mixnet-related on-chain components, vesting logic, and wallet security.
The review focused on user safety, key-management risk, distribution correctness, and the contract logic supporting participation, rewards, and long-term network operation.
ZIGChain is a Cosmos-based Layer 1 focused on wealth management, DeFi infrastructure, and on-chain financial applications. The audits were published by Oak Security, with our work covering multiple ZIGChain releases across custom chain modules, the x/dex module, reward-contract logic, and updates across Cosmos SDK, CosmWasm, and EVM-compatible integration surfaces.
The work spanned application-level DeFi behavior and chain infrastructure, including swap and DEX logic, reward accounting, module validation paths, smart-contract execution assumptions, and the operational safety of financial flows built into the network.
DAO DAO provides Cosmos-based infrastructure for creating and managing decentralized organizations. Its smart-contract system supports governance, treasury operations, staking and voting modules, proposal execution, and factory extensions used by DAOs across IBC-enabled ecosystems.
Our Oak Security work covered multiple DAO DAO releases, including vesting, payroll, rewards distribution, voting, and permission-granularity components. The review focused on CosmWasm/Rust contract correctness, governance execution safety, token and delegation edge cases, and the financial flows that support DAO operations.
Osmosis Transmuter is a CosmWasm/Rust component for converting between multiple assets within the Osmosis ecosystem. In Oak Security’s public reviews, we examined two versions of the Transmuter contracts, focusing on multi-asset swap behavior, conversion correctness, validation paths, and edge cases that could break accounting or allow invalid asset movement.
The work covered the invariants behind specialized liquidity and conversion flows, including how token balances, swap behavior, and contract validation interact inside a production Cosmos DeFi environment.
Yumi Finance builds DeFi vault infrastructure across Solana and EVM environments. Taran Space completed private security reviews covering a Solana/Anchor fixed-pool vault and a later EVM implementation, with focus on contract correctness, vault behavior, asset-accounting safety, and implementation risks around financial flows.
Scope spanned Rust-based Solana program logic and Solidity/EVM smart-contract surfaces, including the security of production financial contracts where implementation mistakes can directly affect user funds.
MANTRA is an EVM-compatible Layer 1 built around real-world assets and on-chain financial infrastructure. Our Oak Security work covered multiple MANTRA tracks, including DEX functionality, airdrop logic, and later claimdrop-update components across the MANTRA ecosystem.
The reviews focused on DeFi execution paths, token distribution flows, smart-contract correctness, and integration surfaces across Cosmos, EVM, Solidity, Rust, and Go components. The project adds a broad real-world-asset DeFi case with both chain-level and application-level security scope.
Bifrost Finance is a Polkadot DeFi protocol focused on liquid staking and liquidity infrastructure. The Oak Security audit included our review of Bifrost’s Substrate lend-market, leverage-staking, and prices pallets.
The work covered leveraged-staking logic, pricing and oracle integration points, economic validation paths, and risks that could lead to fund loss, manipulation, denial of service, or incorrect protocol accounting.
Magma Vaults builds DeFi vault infrastructure in the Cosmos ecosystem. In the Oak Security review, we examined Magma Core, focusing on the core vault logic and protocol behavior behind the Magma Vaults codebase.
The work covered vault accounting, liquidity-handling assumptions, contract correctness, and failure modes that could affect user funds or protocol operation. A later fix review addressed a liquidity-overflow issue and was reflected in the updated public report.
Neptune is a Cosmos/Rust protocol developed by Cryptech Developments. For Oak Security, we reviewed Neptune’s update work, focusing on the security of the codebase and the correctness of protocol-update logic.
The work covered smart-contract and protocol behavior, update safety, validation paths, and failure modes that could affect protocol operation. A later report update incorporated a missed vulnerability after fix review and publication approval.
Coinhall Genie is a Cosmos DeFi product built with CosmWasm smart contracts. In an Oak Security audit funded through Osmosis Grants Company, we reviewed the Genie contract logic and the security of the product flow.
The work focused on Rust/CosmWasm contract correctness, validation paths, state transitions, and risks that could affect user interactions or financial behavior inside the Genie application.
Swarp Pay builds wallet, payment, and launchpad infrastructure for token-based products. Taran Space reviewed its Solana/Anchor token program, covering token creation, sale mechanics, vesting, whitelist controls, token configuration, and operational scripts around launchpad execution.
Security work focused on token-sale flows, vesting behavior, supply accounting, purchase and claim logic, admin controls, and the operational assumptions needed to run a secure token launch. The engagement covered Rust-based Solana smart-contract logic connected to financial product workflows and user-facing asset operations.