[Grant Update] Zcash Ecosystem Security Lead

Community Grants Community Grants Updates
41

This is our report for February 2026:

Security Audits:

  • No security audits were completed this month.

Consultations:

  • No consultations were completed this month.

Community engagement:

  • We are looking forward to working with the ZCG Committee and some teams to plan potential audit projects.

As always, please let us know if you need assistance with security related questions or projects! You can post here or reach out to us directly: Security Consulting - Least Authority

1 Like
42

This is our report for March 2026:

Security Audits & Consultations:

  • We completed another iteration of review and feedback for the ZavaX Oracle Threat Model.
  • We delivered the Final Audit Report for our previous security audit of Zkool2.
  • We delivered the Final Audit Report for our previous security audit of ZIP 233 + Implementation (NU7).
  • No consultations were completed this month.

Community engagement and upcoming work:

  • We received a list of potential security audits from the ZCG Committee. We planned and estimated most of the items on the list and should finish the remaining plans in April, along with starting some of this work.

We’ve been actively incorporating AI assistance into our security audit processes and have blogged about it: Avoiding Knowledge Collapse in Artificial Intelligence-Assisted Security Audits - Least Authority

As always, please let us know if you have security related questions or projects! You can post here or reach out to us directly.

6 Likes
Mythos just found bugs in every OS and browser. Crypto isn't on the list. Is that a problem?
43

This is our report for April 2026:

Security Audits & Consultations:

  • We started and completed a security audit of the NEAR Intents Swap.

  • We started and completed a security audit of Warp 2.

  • We started a security audit of Zkool GraphQL + JWT authentication and expect to complete this in May.

  • We started a security audit of pepper-sync and expect to complete this in May.

  • We started a security audit of zingo-mobile and expect to complete this in June.

  • No consultations were completed this month.

Special Projects:

  • We started a special project to deploy autonomous, tool-using AI security agents with expert human validation to identify and responsibly disclose critical attacker-relevant vulnerabilities in the Zcash Ecosystem. As part of this project, we are rigorously assessing model cybersecurity capabilities and plan to open-source the defensive workflow.

Community engagement and upcoming work:

  • We have a few more audits starting in May.

As always, please let us know if you have security related questions or projects! You can post here or reach out to us directly.

3 Likes