This grant is to engage Zellic as a long-term audit partner for the Cosmos Hub. This project is the result of an RFP run by the ATOM Accelerator DAO (AADAO) to try to address the lack of formal audits of some of Cosmos Hub’s key dependencies, as well as the haphazard way new functionality on the Cosmos Hub has been audited.
Zellic aims to conduct comprehensive security audits of Cosmos Hub features and upgrades over the following 24 months. In consultation with the Cosmos Hub Engineering Team, Zellic will also review Cosmos Hub dependencies, such as CosmWasm, Cosmos SDK, etc. The first engagements are expected to occur in H1 2025 and will cover Gaia (the binary of the Cosmos Hub), along with key dependencies to be prioritized based on risk.
Over the past few months, Zellic has been engaged multiple times by Cosmos Hub governance to perform audits for the Cosmos Hub, including the Inactive Validator Set and Permissionless ICS, and by AADAO to audit the Liquid Staking Module. Zellic has established trusted relationships and has worked on various projects within the Cosmos ecosystem, including Berachain, Initia, Osmosis, Penumbra, Injective, Celestia, and others.
In the past 18 months, the Cosmos Hub has spent $327k on one-off feature audits, with no audits of dependencies. This cost an average of $26k per audit-week. With this grant, AADAO is engaging Zellic on a 20-audit-week contract, costing 23% less per audit-week than the Hub has previously spent. Any unused audit-weeks will keep rolling over for a 24-month period.
While Zellic has been tasked with auditing our key dependencies in H1 2025, we expect them to support the new Cosmos Hub engineering team with audits of feature launches from the second half of 2025. Version bumps of dependencies after the initial audit will also have “diff-audits” performed on them.
Zellic’s partnership with Cosmos Hub aims to enhance security, reduce the risk of exploits, and safeguard staked ATOM. This improved security is expected to attract more developers and projects to the Cosmos Hub and its ecosystem, thereby increasing ATOM utility and value. Ultimately, their audits will strengthen the long-term stability of, and confidence in, the Cosmos Hub, protecting both its assets and reputation.