Zellic reviews EVM smart contracts for clients ranging from small startups to brand-name protocols. Clients include LayerZero, Sushiswap, StarkWare, Wormhole, PancakeSwap, Wintermute, Pyth, Scroll, Succinct Labs, Biconomy, Ambient Finance (formerly CrocSwap), Ethena, Beefy Finance, and Mantle. We perform reviews for contracts as simple as 20 LoC up to as complex as tens of thousands of lines.
We look past just the application layer to dive deep into EVM implementation details. We’re not just familiar with EVM bytecode and assembly, we dig through Geth source code to get to the bottom of arcane quirks and edge cases. In our review of LayerZero’s Prooflib, we investigated their RLP implementation for bypasses in state root verification. In Paradigm CTF, we contributed a challenge exploiting a JIT interpreter, which dynamically generated and executed bytecode on-chain.