Our background in traditional infosec and competitive hacking has enabled us to consistently discover hidden vulnerabilities and develop novel security research. It has earned us a reputation as the go-to security firm for teams whose rate of innovation outpaces the existing security landscape. We identify complex vulnerabilities that threaten the future of your software.
Among others, LayerZero, Jump, and the Solana Foundation rely on Zellic’s expertise. From crypto titans to small startups, our clients are pioneers of the tech sector. The world trusts our clients to build the future. Our clients trust us to secure that vision.
A billion dollar bug in the Move bytecode verifier
Zellic × Mysten Labs
Mysten Labs is the organization behind Sui, a Move-based L1. As part of our engagement, we were tasked with securing Sui’s Move bytecode verifier and programmable transactions. This verifier is shared among all Move-based blockchains, including Aptos.
We discovered a critical bug that placed potentially billions of dollars at risk. It affected the construction of the control flow graph of a function, and would have allowed attackers to obtain multiple mutable references to an object, retain a mutable reference to an object that was moved, and drop an object without the drop ability.
Overwriting the stack with a buffer overflow bug
Zellic × Cosmos SDK
The Cosmos SDK provides developers a framework to easily create their own application-specific chain that can communicate with other chains via the inter-blockchain communication (IBC) protocol. Our engagement focused on Sign Mode Textual, a new string-based sign mode that is targeted at signing with hardware devices.
We discovered a buffer overflow in the function responsible for converting ASCII control characters to their escape sequence equivalents. It occurred because the length count could only hold a value of 255 before overflowing. An attacker could have abused this critical bug to overwrite the stack of the ledger and partially control the instruction pointer and registers.
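The bug class described above, as an added illustration that is not the Cosmos SDK's or any hardware wallet's code: an 8-bit output-length counter wraps past 255 when escaping expands the input, so a later bounds check sees a small number, while a `size_t` counter checked before every write rejects the same input. The function names and the `\xNN` escape format are assumptions, and the input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed format: each ASCII control byte becomes the 4-byte text \xNN. */
static int is_ctrl(unsigned char c) { return c < 0x20 || c == 0x7f; }

/* Flawed pattern: the running output length lives in 8 bits and wraps past 255. */
uint8_t escaped_len_u8(const unsigned char *src, size_t n) {
    uint8_t len = 0;
    for (size_t i = 0; i < n; i++)
        len = (uint8_t)(len + (is_ctrl(src[i]) ? 4 : 1)); /* reduced modulo 256 */
    return len;
}

/* Hardened: size_t counter, capacity checked before every write.
 * Returns bytes written (excluding the NUL), or -1 if dst is too small. */
long escape_ctrl(char *dst, size_t cap, const unsigned char *src, size_t n) {
    static const char hex[] = "0123456789abcdef";
    size_t out = 0;
    if (cap == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        size_t need = is_ctrl(src[i]) ? 4 : 1;
        if (need > cap - 1 - out) return -1;   /* always keep room for the NUL */
        if (need == 4) {
            dst[out++] = '\\'; dst[out++] = 'x';
            dst[out++] = hex[src[i] >> 4]; dst[out++] = hex[src[i] & 0xf];
        } else {
            dst[out++] = (char)src[i];
        }
    }
    dst[out] = '\0';
    return (long)out;
}

int main(void) {
    unsigned char in[70];          /* constructed input: 70 control bytes */
    char small[64];
    memset(in, 0x01, sizeof in);   /* true escaped length is 70 * 4 = 280 */
    printf("8-bit counter reports %u\n", (unsigned)escaped_len_u8(in, sizeof in));
    printf("checked escape into 64 bytes returns %ld\n",
           escape_ctrl(small, sizeof small, in, sizeof in));
    return 0;
}
```

The 8-bit counter reports a length that would pass a "fits in 64 bytes" check even though the real output needs 280 bytes, which is how a write loop ends up past the end of a stack buffer.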
Permanently locking user funds between two chains
Zellic × LayerZero
LayerZero is an omni-chain interoperability protocol. Over the course of more than a year, we have completed 12+ audits covering core contracts, the OFT wrapper, the router and fee library, Stargate, Ultra Light Node v2, and more.
As part of our Stargate review, we identified a severe business logic bug that could potentially lead to desynchronisation of token balances in swaps between two chains. This error would have broken the Instant Finality Guarantee and led to user funds being permanently locked.
Assessing bridge architectures for Uniswap
Zellic × Uniswap Foundation
In February 2023, the Uniswap Foundation convened a committee of experts to develop a framework to evaluate cross-chain bridges in DAO governance. Zellic’s CTO Jasraj Bedi was a core member of the committee.
The Committee evaluated six bridges and approved two for the DAO’s cross-chain governance use case, and determined that a multi-bridge architecture was likely the best option for Uniswap.
Top organizations rely on Zellic to protect their systems. Give your users the security they deserve.
Forky identifies important differences between a fork of a known protocol and its parent — in plain English.