As a follow-up to our earlier announcement, Nicolás “Nikete” Della Penna has completed the first independent security and mechanism-design review of Shielded Labs’ implementation of Crosslink.
Independent security reviews are an important part of building high-security software, and this review marks the start of a broader hardening process as Crosslink transitions out of the prototype phase. The goal is not to declare the design “finished,” but to stress-test assumptions, validate core properties, and iteratively improve the design.
The review confirms that the current Crosslink design successfully introduces finality and that finality behaves as intended. This is an important validation and increases confidence in the core architecture. The review also identifies a number of critiques, proposed attacks, and potential improvements. We are actively using these results to refine and harden the design.
Not every recommendation will necessarily be adopted. Some ideas may be better suited for later iterations, including post-mainnet improvements, and in other cases we may pursue alternative solutions to the issues raised. As with any protocol design, we are carefully weighing trade-offs between time-to-market, complexity, and security, rather than trying to build a protocol that is perfect in every way.
This review marks an important milestone in the development process. Before activation, we expect to carry out further security-focused analyses and independent reviews to evaluate Crosslink’s safety, production readiness, and its implications for user privacy. As the design evolves, we plan to re-engage Nikete and also seek additional independent assessments from established security audit firms.
We’re sharing the report publicly to support transparency and encourage open discussion. Over the coming week, we also plan to announce a community discussion to walk through the findings, the trade-offs they raise, and how we’re thinking about next steps.
We see this kind of structured, independent review as a model for how significant protocol changes should be evaluated going forward, and we hope it becomes common practice across the ecosystem.
You can read Nikete’s full report here: https://www.nikete.com/crosslink_zebra_audit.pdf
He has also published formal proofs: https://www.nikete.com/crosslink_zebra_audit_proofs.pdf
Nikete also posted an X thread summarizing his findings here: