Taran.Space has delivered security audits for ZKsync OS and Base Azul. The work covers rollup execution infrastructure, bootloader logic, transaction processing, EVM implementation, L2 interoperability, TEE/ZK multiproof finality, dispute-game integration, prover resource-safety risks, and cryptography-adjacent components in production-grade L2 systems.
ZKsync OS is a new RISC-based execution system for the next generation of ZKsync. Taran Space reviewed core components across multiple engagements, including the bootloader, transaction processing, EVM implementation, cache logic, and L2 interoperability paths at the center of the rollup architecture. The work also included a dedicated cryptography review focused on elliptic-curve components and proof-adjacent logic.
Across the engagements, the review covered execution correctness, transaction lifecycle safety, implementation-level edge cases, and the cryptographic foundations supporting the system’s security model.
Base Azul is Base’s first independent network upgrade, introducing Base-native clients, Ethereum spec alignment, and TEE/ZK multiproof finality on the path toward stronger L2 decentralization. Taran Space participated in the Immunefi audit competition for Azul, reviewing Rust and Solidity implementation surfaces across offchain components, upgrade logic, proof integration, and verifier-related flows.
Our submission identified a memory-pressure risk in the Nitro TEE prover: overlapping honest proving jobs could accumulate checkpoint witness data inside the enclave process and trigger process aborts or dropped work. Under sustained load, this could degrade Azul’s intended 1-day TEE/ZK fast-finality path back toward the slower 7-day withdrawal finality model.
Dymension is a Cosmos-based network for modular appchains and RollApps, combining Cosmos SDK infrastructure with execution-layer components derived from the RDK and EVMOS stack. Across several Oak Security reports, our work covered core network logic, Cosmos SDK modules, and EVM-compatible execution surfaces involved in Dymension’s protocol architecture.
The reviews focused on chain-level correctness, upgrade and execution assumptions, module behavior, and the interaction between Cosmos-native infrastructure and EVM-facing components. The project adds a strong Cosmos, Go, and EVM protocol-security case to the portfolio.
Tell us what you’re building and what kind of security support you need. Telegram is usually the fastest way to reach us. For formal inquiries, you can also use email.
