Beyond these measures, we constantly invest in security through automated tooling, code reviews, and internal audits to ensure zkSync Era is a future-proof zkEVM. Security is not about checking boxes; it’s a continuous state of mind.
User Education: We do our best to warn the community about potential scams, but there are many out there. Always check our official Twitter page or Discord for updates. Tips on how to spot a scam: twitter.com/zksync/status/1601245593254273030?s=20…
Independent Experts: We work with independent security experts for more specialized topics, like identifying critical bugs in bridges and ZK circuits. If you’re an independent researcher with a record of public disclosure looking to do work on zkSync Era, get in touch.
Bug Bounties: Responsible disclosure and community contributions to security are very important for zkSync Era. Bug bounties like @Immunefi incentivize whitehats to search for bugs and report them directly to us for a bounty. Check out our bug bounty: immunefi.com/bounty/zksyncera/…
Traditional Audits: Tier-1 auditors like @OpenZeppelin & @Halbornsecurity provide independent insights from their experience with issues in other codebases. Audits are about the quality of the auditors, which is why we chose the best. View our reports: era.zksync.io/docs/dev/troubleshooting/audit-bug-bounty.html…
Audit Contests: Contests like @Code4rena’s are ideal for finding unique bugs. Auditors aim to find the most unusual bugs because the reward increases as a function of the uniqueness of the bug. View our latest contest: code4rena.com/contests/2023-03-zksync-era-system-contracts-contest…
Building a secure network requires a multi-dimensional approach to protect users against all threats. Combining methods such as audits, contests, bug bounties & independent reviews is valuable because each delivers unique strengths & helps us catch even the most subtle bugs.
Since zkSync Era launched on Testnet, we’ve run:
• Multiple internal audits testing the entire system
• Public audits with @OpenZeppelin and @HalbornSecurity, covering the full scope of the system
• Public contests with @code4rena featuring $345k in prizes
• A public bug bounty with @Immunefi, featuring a $100k expansion in scope and rewards
• Audits with independent researchers for specific parts of the system
Security guides every decision we make at zkSync. Here’s a look at the measures we’ve taken to secure zkSync Era as a part of our zero-compromise approach to security. #securingthemission