Taran.Space has delivered VM-focused security projects across custom interpreters, WASM execution environments, custom EVM implementations, bootloaders, metering logic, transaction processing, and execution-engine integration. The work covers Base Azul, Dusk, GnoLand, Stellar, ZIGChain, and ZKsync OS, with attention to gas and resource metering, type-system safety, EVM/WASM execution correctness, transaction safety, denial-of-service risk, and VM integration boundaries.
ZKsync OS is a new RISC-based execution system for the next generation of ZKsync. Taran Space reviewed core components across multiple engagements, including the bootloader, transaction processing, EVM implementation, cache logic, and L2 interoperability paths at the center of the rollup architecture. The work also included a dedicated cryptography review focused on elliptic-curve components and proof-adjacent logic.
Across the engagements, the review covered execution correctness, transaction lifecycle safety, implementation-level edge cases, and the cryptographic foundations supporting the system’s security model.
Stellar is a major blockchain infrastructure network for payments, tokenized assets, and financial applications. The work was delivered through public Oak Security engagements and covered Stellar Core protocol updates, with focus on correctness and consensus-sensitive changes that affect secure network operation.
Review scope included protocol logic, metering behavior, Soroban-adjacent execution, cryptographic components, and implementation details across Rust and C++ code. The work focused on changes where subtle correctness issues could affect transaction processing, resource accounting, smart-contract execution behavior, or the reliability of protocol upgrades.
GnoLand is a Layer 1 smart-contract platform built around Gno, an interpreted and deterministic language derived from Go. In public Oak Security engagements, we reviewed GnoLand’s smart-contract and execution infrastructure, including the on-chain Gno language interpreter.
The work covered interpreter behavior, VM and runtime assumptions, memory-management behavior around garbage collection, type-checking logic, contract execution, and the correctness of core platform components.
Tell us what you’re building and what kind of security support you need. Telegram is usually the fastest way to reach us. For formal inquiries, you can also use email.
