What makes Zellic different?

Zellic reviews EVM smart contracts for clients ranging from small startups to brand-name protocols. Clients include LayerZero, SushiSwap, StarkWare, Wormhole, PancakeSwap, Wintermute, Pyth, Scroll, Succinct Labs, Biconomy, Ambient Finance (formerly CrocSwap), Ethena, Beefy Finance, and Mantle. We perform reviews for contracts as simple as 20 LoC up to as complex as tens of thousands of lines.

We look past just the application layer to dive deep into EVM implementation details. We’re not just familiar with EVM bytecode and assembly, we dig through Geth source code to get to the bottom of arcane quirks and edge cases. In our review of LayerZero’s Prooflib, we investigated their RLP implementation for bypasses in state root verification. In Paradigm CTF, we contributed a challenge exploiting a JIT interpreter, which dynamically generated and executed bytecode on-chain.

Zellic’s dedicated zero-knowledge team combines a distinguished skill set in advanced cryptography, vulnerability research, and competitive hacking. We review circuits in Circom and Halo2 for zkEVMs, zkVMs, privacy and identity protocols, and interoperability infrastructure. Our clients include rollups (Scroll), coprocessors (Axiom), privacy primitives (Nocturne), and zk-bridges (Polyhedra).

We also actively publish original research on ZK security. Our recent efforts include a deep dive into SNARK and STARK complexity, a review of algebraic attacks of hash functions, and a breakdown of the mathematical principles behind Tornado Cash.

Zellic has deep expertise spanning the full stack of web applications — from high performance backends in Golang and Rust to client-side applications in React and Electron. The team comes from a hardcore CTF and bug bounty background, and has discovered vulnerabilities in the largest technology companies and public institutions including the US Department of Defense, Github, Yahoo, Shopify, PayPal, Adobe, CrowdStrike, Amazon, and Bitfinex.

In 2018, our CTO Jasraj Bedi found a novel DNS rebinding bug in Geth — drawing on our capabilities in web and native security.

Zellic has a dedicated team of strong theoretical and applied cryptographers. Implementing cryptographic applications securely, like Web3 wallets, is incredibly difficult. We help clients navigate a minefield of potential pitfalls and mistakes. Wallets we’ve reviewed include Aptos IdentityConnect, Pontem, and Avara (Aave Lens). We helped Privy secure their Shamir’s Secret Sharing (SSS) implementation that’s relied on by friendtech.

We look at non-custodial wallets, ERC4337 (AA), MPC, SSS, EOAs, native multisig support, enclave solutions, and social login and key recovery.

Zellic’s background in native application security is unparalleled: We breathe C, C++, x86_64, Aarch64, and SystemVerilog. We love working with embedded firmware, secure elements, and hardware wallets. We worked with the Solana Mobile team to conduct a full-stack review of their secure enclave architecture from the Android app down to the TEE. We also worked with the Interchain Foundation to review their Cosmos Ledger integration, where we uncovered and fixed critical memory corruption vulnerabilities. We’re also experts with cloud enclave stacks like KMS and AWS Nitro Enclaves. Trusted applications demand high assurance and deep systems knowledge, which our clients trust us to deliver.

Zellic are experts at program analysis, leveraging tools such as fuzzers, SMT solvers like CVC5 and Z3, LLVM, symbolic executors, and proof assistants like Lean and Coq. Our team includes researchers who have published peer-reviewed fuzzing papers and static analysis specialists. Using Z3, we formally proved the security of WETH, the world’s most relied-upon smart contract. In our work with Tristero, we uncovered a deep vulnerability through fuzzing. With Pontem, Laminar Markets, and PancakeSwap, we leveraged the Move prover to guarantee critical protocol invariants. With Mysten Labs, we thoroughly fuzzed the Move VM for deep property-based testing. These techniques create additional assurance beyond a thorough manual review.

We work with some of the largest L1s — Solana Foundation, Aptos Labs, and Mysten Labs — and L2s — StarkNet, Scroll, Mantle — to identify bugs in networks, application layers, custom precompiles, and more. Earlier this year, we discovered a critical vulnerability in Move’s bytecode verifier that put billions of dollars of risk across multiple chains.

We are also an expert in cross-chain security, working closely with bridges like LayerZero, Wormhole, Succinct Labs, and more. Our commitment to bridge security extends to governance support; we are a member of Uniswap’s Bridge Assessment Committee.

We are experts in cross-chain infrastructure, working closely with bridges like LayerZero, Wormhole, Succinct Labs, and more. Our commitment to bridge security extends to governance support; we are a member of Uniswap's Bridge Assessment Committee.

In addition, we’ve reviewed cross-chain applications including Tristero, Catalyst, Shrapnel, Cedro, and OFT/ONFT standards.

DeFi primitives — decentralized exchanges, lending markets, vaults, liquid staking derivatives, oracles, stablecoins — are among the most targeted systems. Our work with SushiSwap, Aave, Pyth, Econia, Deepbook, and more is a testament to our commitment to maximize TVL secured.

Our engineers bring a rich set of skills and backgrounds — including cryptography, web security, mobile security, low-level exploitation, and quant finance — to ensure that core financial systems are secure and robust. We cover various DSLs, including highly optimized Huff code and low-level protocol integrations.

The Move language is designed to make it difficult to write bugs, but it’s still not impossible. We work closely with Aptos Labs and Mysten Labs to ensure that both L1s are secure against Move-specific vulnerabilities, including but not limited to: lack of generics type checking, unbounded execution, arithmetic precision errors, and more.

As part of our engagement with Mysten Labs, we discovered a critical vulnerability in Sui Move’s bytecode verifier that would have placed billions of dollars at risk. We are also anchor auditors for core projects in the Move ecosystem like Econia Labs, Pontem Network, and Tsunami Finance.

Security for a network of interoperable blockchains is non-trivial. Our engagement with Cosmos-SDK and a security primer on Cosmos highlight the importance of non-determinism for Cosmos applications, which can lead to consensus failure and blockchain halts.

We work with Cosmos L1s — Berachain, Osmosis, ZetaChain, Nibiru Chain, and more — that push the limits of application sovereignty and performance. Among the major classes of Cosmos-specific security issues, we review integer overflows, lack of float associativity, panics and unbounded computation, and more.

We support Solana security across the entire stack. As part of our work with the Solana Foundation, we found a critical inflationary bug in the Zero-Knowledge confidential token transfer functionality that would’ve allowed infinite minting of tokens for free.

Writing secure Solana programs demands familiarity with invariants upheld by runtime, a myriad of account confusion, confused deputy, integer over and underflow, and many more classic security vulnerability classes. That’s why Pyth Network, Cega Finance, CoinFX, and others trust us to secure their businesses.