Zellic: Security Audits for the Cosmos Hub
Team: Zellic
Amount Approved: $440,000
Status: In Progress

Zellic: Security Audits for the Cosmos Hub

This grant is to engage Zellic as a long-term audit partner for the Cosmos Hub. This project is a result of an RFP run by the ATOM Accelerator DAO to try and address the lack of formal audits of some of Cosmos Hub’s key dependencies, as well as the haphazard way new functionality on the Cosmos Hub has been audited.

Zellic aims to conduct comprehensive security audits of Cosmos Hub features and upgrades over the following 24 months. In consultation with the Cosmos Hub Engineering Team, Zellic will also review Cosmos Hub dependencies, such as CosmWasm, Cosmos SDK, etc. The first engagements are expected to occur in H1 2025 and will cover Gaia (the binary of the Cosmos Hub), along with key dependencies to be prioritized based on risk.

Over the past few months, Zellic has been engaged multiple times by Cosmos Hub governance to perform audits for the Cosmos Hub – including the Inactive Validator Set, Permissionless ICS, and by AADAO to audit the Liquid Staking Module. Zellic has established trusted relationships and has worked on various projects within the Cosmos ecosystem, including Berachain, Initia, Osmosis, Penumbra, Injective, Celestia, and others.

In the past 18 months, the Cosmos Hub has spent $327k on one-off feature audits, with no audits to dependencies. This cost an average of $26k per audit week. With this grant, AADAO is engaging Zellic on a 20 audit-week contract, costing 23% less per audit-week than the Hub has previously spent. Any unused audit-weeks will keep rolling over for a 24-month period.

While Zellic has been tasked with auditing our key dependencies in 2025 H1, we expect them to support the new Cosmos Hub engineering team with audits of feature launches from the second half of 2025. Version bumps of dependencies after the initial audit will also have “diff-audits” performed on them.

Zellic’s partnership with Cosmos Hub aims to enhance security, reduce the risk of exploits, and safeguard staked ATOM. This improved security is expected to attract more developers and projects to the Cosmos Hub and its ecosystem, thereby increasing ATOM utility and value. Ultimately, their audits will strengthen the long-term stability and confidence in the Cosmos Hub, protecting both its assets and reputation.

About Zellic
Visit their Twitter profile Visit their website Visit their Github

Zellic works with some of the largest L1s—Solana Foundation, Aptos Labs, and Mysten Labs—and L2s—StarkNet, Scroll, and Mantle—to identify bugs in networks, application layers, custom precompiles, and more. We review L1s and L2s, cross-chain protocols, wallets and applied cryptography, web applications, and more. We also have a dedicated zero-knowledge cryptography team, and work closely with projects like Scroll, Axiom, and Succinct Labs.

Zellic is led by Stephen Tong and Jasraj Bedi, who previously founded the #1 CTF team worldwide in 2020, 2021, and 2023. Our engineers bring a rich set of skills and backgrounds, including cryptography, web security, mobile security, low-level exploitation, and finance. We’re also a founding member of the Security Alliance (SEAL) led by samczsun.

Team: Zellic
Current Status: In Progress
Funding Program: Regular Grants
Funding Category: Interchain Security

Amount Requested: Amount in their initial application, or for RFPs, their first quote or that of the nearest competitor $500,000
Amount Approved: $440,000 (88%)
Amount Paid: $0 (0%)

Date Applied: Nov 28, 2024
Date Approved: Generally includes time spent doing interviews, rescoping or amending the application, and due diligence Dec 03, 2024 (5 days)
Expected Completion Date: A date that we expect this grant's deliverables to be completed by. This of course accounts for external dependencies (e.g. governance votes), but is not a strict condition on some grants. Dec 31, 2026

Latest Approved Funding

Zellic: Security Audits for the Cosmos Hub
In Progress

Zellic: Security Audits for the Cosmos Hub

Team: Zellic
Approved: Dec 03, 2024
Amount: $440,000
Range Security: Monitoring and Threat Detection for Hydro
In Progress

Range Security: Monitoring and Threat Detection for Hydro

Team: Range Security
Approved: Nov 27, 2024
Amount: $95,000
Zephyrus: Vote aggregator for Hydro
In Progress

Zephyrus: Vote aggregator for Hydro

Team: Moonkitt
Approved: Nov 27, 2024
Amount: $85,000
ATOM Interchain Insights: Comprehensive TVL & Flow Analytics for ATOM
In Progress

ATOM Interchain Insights: Comprehensive TVL & Flow Analytics for ATOM

Team: Map of Zones
Approved: Nov 27, 2024
Amount: $91,200