zkSync and Code4rena Bring the Largest Competitive Audit to Web3

In the world of security, only the paranoid survive. Security is one of the biggest barriers to the mass adoption of Web3. Last year, there were over $2 Billion in bridge hacks, and recent discussions highlighted Layer 2 security risks. Until the bar for security is raised across the board, there will always be friction when it comes to onboarding new users.

Over the years as we built zkSync, the Matter Labs team has approached security as a mindset, rather than a list of checkboxes to tick off. We call this ‘defense-in-depth’; a multifaceted approach to protect users against bugs, exploits, scams and hacks.

Building a secure network with a defense in-depth mindset requires continuous monitoring, prevention and direct action to avoid any one single point of failure. Matter Labs has invested approximately $5 Million on tier-one security audits for zkSync Era, with multiple layers of protection added to the system including 24/7 monitoring, open source code, bug bounties, public contests, external reviews and more.

Competitive audits are an important piece of this security puzzle. From October 2nd – 23rd, zkSync is hosting a 1.1 Million USDC competitive audit on Code4rena—the largest-ever competition of its kind.

The ZK Nation believes that a zero-compromise approach to security is critical to achieving mass adoption. If you share the ZK Nation’s passion for security, read on and mark your calendar; this is your chance to contribute to the future of Ethereum’s mass adoption.

Put on your white hat

The 21-day competitive audit will run from 4 p.m. ET on Monday, October 2nd through 4 p.m. ET on Monday, October 23rd. The audit scope will cover several areas including:

  • L1 and L2 system smart contracts

  • Circuits

  • VM implementation

Participants are rewarded based on the nature of bugs discovered, which comes out of the 1.1 Million USDC reward pot. A minimum of 330k USDC has been committed for audit regardless. The bugs are categorized into low, medium, and high-risk tiers, so choose wisely.

Full details of the competitive audit and its scope will be provided by Code4rena once the competition is open on October 2nd. Keep an eye out for more information at the link below 👇

In the meantime, Code4rena’s judging criteria and submission process are worth reviewing so that you’re prepared to jump right in once the competitive audit opens up on October 2nd.

Strengthening the most battle-tested zkEVM

This initiative is an important component of zkSync’s mission to advance personal freedom for all, reflected in the ZK Credo, through a blockchain network that's reliable, future-proof, and, most importantly, secure.

Before launching to Mainnet Alpha, zkSync Era Testnet ran for one year with 500k active accounts, 30k smart contracts, and nearly 9 Million transactions. This makes zkSync Era the most battle-tested zkEVM, but our collective work to secure the network is far from complete.

For zkSync Era, security is a multi-layered practice combining an open-source codebase, audits, contests, bug bounties, and independent reviews. This includes 24/7 monitoring with best-in-class tools like OpenZeppelin Defender and Forta bots, as well as a 21-hour execution delay for L1 withdrawals while the system is in Alpha.

Bringing in contributors outside of Matter Labs to examine the code is equally important to these measures. Our competitive audit on Code4rena aims to set the standard for security investments in Web3 with a focus on rewarding participants for valuable contributions.

Visit Code4rena’s official competition page on Monday, October 2 at 4 p.m. ET for more details on the audit and its scope. Looking for other ways to join the ZK Nation and shape the network’s future? Follow @zkSync and join our official Discord to learn about additional opportunities to contribute.

Subscribe to zkSync
Receive the latest updates directly to your inbox.
This entry has been permanently stored onchain and signed by its creator.