Audits

ZKsync takes security seriously and as such, we have completed multiple audits in all critical parts of the protocol.

Audits

We always ensure that all code deployed to production has been thoroughly tested before release. Our auditing and review processes begin well before any code is deployed. We conduct internal audits, followed by independent external audits from reputable auditors. If applicable, we also hold a public auditing contest and top it off with another independent external audit.

Here is the list of completed audits (newest first):

• SSO Account OIDC Recovery Solidity Audit, OpenZeppelin, April 2025.
• ZKsync Protocol Security Review, Spearbit, April 2025.
• SSO Account Recovery Circuits Audit, OpenZeppelin, March 2025.
• EVM Interpreter & Nonces Update Audit, OpenZeppelin, March 2025.
• Guardian Recovery & Validator Audit, OpenZeppelin, March 2025.
• Crypto Precompile Audit, OpenZeppelin, March 2025.
• Era Contracts Precompile Audit, OpenZeppelin, March 2025.
• Protocol Precompiles Implementation Audit, OpenZeppelin, March 2025.
• ZKsync Era public contest, CodeHawks, from 2024-10-28 to 2024-12-02.
• Layer 1 Governance Diff Audit, OpenZeppelin, from 2024-06-05 to 2024-06-12.
• Protocol Defense Audit, OpenZeppelin, June 2024.
• Distributor Diff Audit, OpenZeppelin, May 2024.
• L2 Governance Audit, OpenZeppelin, May 2024.
• zk-Stack VM 1.5 Diff Audit, OpenZeppelin, April 2024.
• Paymaster Audit, OpenZeppelin, April 2024.
• Decentralized Governance Audit, OpenZeppelin, from 2024-04-05 to 2024-04-26.
• ZKsync Audit public contest, Code4rena, March 2024.
• ZK‑Token Capped‑Minter & Merkle‑Distributor Audit, OpenZeppelin, March 2024.
• State Transition Diff Audit, OpenZeppelin, March 2024.
• EIP‑4844 Support Audit, OpenZeppelin, February 2024.
• ZKsync Shared Bridge (USDC) Audit, Audittens, December 2024.
• ZKsync Gateway Audit, Audittens, September 2024.
• Short‑Term Fee Model Changes, OpenZeppelin, from 2023-12-06 to 2023-12-13.
• Diff and Governance Audit, OpenZeppelin, from 2023-12-04 to 2023-12-22.
• Layer 1 & 2 Diff Audit, OpenZeppelin, from 2023-11-27 to 2023-12-05.
• SNARK Wrapper Audit, Spearbit, November 2023.
• Layer 1 Messenger Upgrade, OpenZeppelin, from 2023-08-30 to 2023-09-14.
• Layer 2 Block Refactor, OpenZeppelin, from 2023-07-25 to 2023-07-31.
• Smart Contract Security Assessment, Halborn, from 2023-07-12 to 2023-07-20.
• GnosisSafeZk Assessment, OpenZeppelin, from 2023-05-22 to 2023-05-26.
• Bridge and .transfer & .send, OpenZeppelin, from 2023-04-24 to 2023-05-01.
• WETH Bridge Audit, OpenZeppelin, from 2023-03-27 to 2023-03-31.
• Layer 2 System Contracts Public Contest, Code4rena, from 2023-03-10 to 2023-03-19.
• Layer 2 Fee Model and Token Bridge, OpenZeppelin, from 2023-01-23 to 2023-02-17.
• ZK Proof System, Halborn, from 2023-01-09 to 2023-03-08.
• Layer 1 Diff Audit (Upgrade Audit), OpenZeppelin, from 2023-02-06 to 2023-02-17.
• Layer 2 Bootloader, OpenZeppelin, from 2022-11-28 to 2022-12-23.
• Layer 1 Diff Audit (Upgrade Audit), OpenZeppelin, from 2022-11-21 to 2022-11-25.
• Layer 1 Public Contest, Code4rena, from 2022-10-28 to 2022-11-09.
• Layer 2, Internal Audit, Internal, from 2022-08-17 to 2022-10-24.
• Layer 1 Smart Contracts, OpenZeppelin, from 2022-09-05 to 2022-09-30.
• Layer 1 Smart Contracts, Internal Audit, Internal, from 2022-06-14 to 2022-08-17.
• ZK Proof System, Internal Audit, Internal, from 2022-10-24 to 2022-11-18.