In May 2021, Horizen engaged Coinspect to audit the security of its Zendoo open sidechain platform. The objective of this audit was to evaluate the security of the framework and the Cross-Chain Transfer Protocol (CCTP) and to identify vulnerabilities that might allow adversaries to take advantage of the interactions between the mainchain and sidechains.
The platform is composed of mainchain and sidechain modules. The focus of this audit was the mainchain modules; the security of the sidechains and their specific implementations was not evaluated.
Overall, Coinspect did not find any high-risk security vulnerability that would directly result in stolen or lost user funds. However, the report describes some vulnerabilities that can affect mainchain availability (and, as a result, the availability of all sidechains) and that attackers could abuse to target specific nodes or mount network-wide attacks that could weaken the integrity of the blockchain.
Five high-risk vulnerabilities were found. You can download the detailed source code audit report from the link below.