Taran.Space has delivered EVM-related work across 11 projects spanning L2 execution paths, EVMOS/RDK components, bridge contracts, gateway systems, Solidity implementations, RWA and DeFi contracts, Substrate EVM-compatible workflows, and cross-chain integrations. The work covered execution changes, transaction-processing paths, verifier assumptions, bridge trust boundaries, message validity, asset-transfer failure modes, EVM-compatible runtime behavior, and smart-contract accounting in systems where EVM compatibility carries protocol risk.
ZKsync OS is a new RISC-based execution system for the next generation of ZKsync. Taran Space reviewed core components across multiple engagements, including the bootloader, transaction processing, EVM implementation, cache logic, and L2 interoperability paths at the center of the rollup architecture. The work also included a dedicated cryptography review focused on elliptic-curve components and proof-adjacent logic.
Across the engagements, the review covered execution correctness, transaction lifecycle safety, implementation-level edge cases, and the cryptographic foundations supporting the system’s security model.
Snowbridge is a trustless bridge between Polkadot and Ethereum, using light-client verification instead of a trusted multisig or external validator set. Working as part of Oak Security’s team, we reviewed multiple releases, focusing on the boundaries between consensus assumptions, bridge logic, and Solidity/EVM execution.
Review scope included proof validation, replay resistance, finalized-state assumptions, and contract-side logic for accepting or rejecting cross-chain updates. The work combined cryptographic protocol review with production cross-chain infrastructure security.
Base Azul is Base’s first independent network upgrade, introducing Base-native clients, Ethereum spec alignment, and TEE/ZK multiproof finality on the path toward stronger L2 decentralization. Taran Space participated in the Immunefi audit competition for Azul, reviewing Rust and Solidity implementation surfaces across offchain components, upgrade logic, proof integration, and verifier-related flows.
Our submission identified a memory-pressure risk in the Nitro TEE prover: overlapping honest proving jobs could accumulate checkpoint witness data inside the enclave process and trigger process aborts or dropped work. Under sustained load, this could degrade Azul’s intended 1-day TEE/ZK fast-finality path back toward the slower 7-day withdrawal finality model.
Dymension is a Cosmos-based network for modular appchains and RollApps, combining Cosmos SDK infrastructure with execution-layer components derived from the RDK and EVMOS stack. Across several Oak Security reports, our work covered core network logic, Cosmos SDK modules, and EVM-compatible execution surfaces involved in Dymension’s protocol architecture.
The reviews focused on chain-level correctness, upgrade and execution assumptions, module behavior, and the interaction between Cosmos-native infrastructure and EVM-facing components. The project adds a strong Cosmos, Go, and EVM protocol-security case to the portfolio.
ZIGChain is a Cosmos-based Layer 1 focused on wealth management, DeFi infrastructure, and on-chain financial applications. The audits were published by Oak Security, with our work covering multiple ZIGChain releases across custom chain modules, the x/dex module, reward-contract logic, and updates across Cosmos SDK, CosmWasm, and EVM-compatible integration surfaces.
The work spanned application-level DeFi behavior and chain infrastructure, including swap and DEX logic, reward accounting, module validation paths, smart-contract execution assumptions, and the operational safety of financial flows built into the network.
This library is a Rust implementation of Ethereum’s Simple Serialize (SSZ) format, used for consensus-critical data structures in Ethereum protocol software. The public Oak Security audit included our review of serialization correctness, safety invariants, and edge cases in code that handles structured protocol data.
Review scope covered SSZ encoding and decoding behavior, Merkleization-related assumptions, data-structure boundaries, and hardening against cases that could affect consensus-client reliability or proof-related logic.
MANTRA is an EVM-compatible Layer 1 built around real-world assets and on-chain financial infrastructure. Our Oak Security work covered multiple MANTRA tracks, including DEX functionality, airdrop logic, and later claimdrop-update components across the MANTRA ecosystem.
The reviews focused on DeFi execution paths, token distribution flows, smart-contract correctness, and integration surfaces across Cosmos, EVM, Solidity, Rust, and Go components. The project adds a broad real-world-asset DeFi case with both chain-level and application-level security scope.
Helix Bridge is cross-chain infrastructure for moving assets between blockchain networks. As part of Oak Security’s audit work, we reviewed Helix Bridge and xToken components, focusing on bridge security and cross-chain asset-transfer logic.
The review covered Solidity/EVM contract behavior, transfer validation, message and asset-flow assumptions, and the kinds of trust-boundary issues that can affect bridge correctness across chains.
RoofRide is a cross-chain DEX built around atomic swaps, designed to let users exchange assets between Layer 1 blockchains without relying on a centralized exchange or custodial intermediary. Taran Space designed and prototyped the system, including Solidity smart contracts, a web application prototype integrated with the Helios light client, and a custom off-chain P2P transport protocol for distributing and executing swap orders.
The work covered cross-chain exchange architecture, swap execution flows, Solidity contract behavior, light-client-assisted verification, and the networking layer needed to coordinate orders outside a centralized backend.
Helios is a lightweight Ethereum client that lets applications verify blockchain data directly instead of relying entirely on trusted RPC providers. Taran Space built a Helios-based integration prototype for trust-minimized Ethereum state access inside a cross-chain application flow.
The work connected light-client verification with application-layer execution, showing how a web application can use verified Ethereum data while preserving a practical user experience. Scope included Helios integration, finality and checkpoint assumptions, EVM-facing contract context, and the reliability of data used in cross-chain decision-making.
Axelar is a cross-chain General Message Passing platform that enables applications to coordinate swaps, calls, and token movement across multiple blockchain networks. Taran Space participated in the public Code4rena audit competition for Axelar Network, reviewing both Rust and Solidity contracts across the Interchain Token Service and gateway-related scope.
The work focused on cross-chain token flows, gateway behavior, message handling, and implementation risks across code that connects EVM and Cosmos environments.
Synternet, formerly Syntropy, builds infrastructure for real-time multichain data, decentralized data marketplaces, and access to indexed blockchain information. Its ecosystem centers on data-layer infrastructure for applications that need live cross-chain signals, monitoring, and execution-ready data.
Taran Space worked with the team on decentralized infrastructure research and prototyping, including designs built with Polkadot SDK, Polygon Edge, and ChainBridge. The engagement focused on protocol architecture, interoperability, and the reliability of systems that coordinate data and execution across decentralized networks.
Polkadot CLI was a custom developer-tooling project for Parity Technologies, built to make interaction with the Polkadot mainnet and custom Substrate networks faster and more practical for engineering workflows. The toolset supported DevOps-style usage, network interaction, testing, and rapid prototyping around Polkadot infrastructure.
The work covered Rust-based command-line tooling for Substrate environments, including support for EVM-compatible workflows on custom networks. It combined protocol familiarity with practical developer experience, turning low-level chain operations into repeatable tools for day-to-day engineering.
Frame It was an NFT marketplace for trading and launching digital collectibles. In an Oak Security test audit, we reviewed the Solidity smart contracts behind its marketplace functionality, covering NFT trading flows and core contract behavior.
The work focused on marketplace logic, asset-transfer assumptions, Solidity implementation risks, and the contract-level conditions needed for secure buying, selling, and collection interaction.
Whether you're gearing up for a thorough audit or are still in the planning stages of your project, we encourage you to get in touch. Our expertise extends to architecture and security consulting, catering to a diverse range of needs. Rest assured, all inquiries are attentively processed during business hours. You can expect a response within an hour; however, we appreciate your patience if it occasionally takes a few days.
