Bug Bounty
Light Protocol is hosting a bug bounty program.Security Audits
The Light protocol on-chain programs were audited by independent security firms Certora, OtterSec, Accretion, HashCloak, Neodyme, and Zellic.| Firm | Scope | Date | Report |
|---|---|---|---|
| Certora | Light Token | December ‘25 | View |
| OtterSec | CPI Context Refactor | December ‘25 | View |
| Accretion | ZK Compression v2 | June ‘25 | View |
| OtterSec | Batched Merkle Trees | June ‘25 | View |
| HashCloak | Compressed Token & ZK Compression v2 | March ‘25 | View |
| OtterSec | Zerocopy | March ‘25 | View |
| Accretion | Compressed Token Program Update | January ‘25 | View |
| Zellic | ZK Compression v1 | September ‘24 | View |
| Neodyme | ZK Compression v1 | August ‘24 | View |
| OtterSec | ZK Compression v1 | August ‘24 | View |
Groth16 Circuit Security
The ZK Compression circuit was formally verified by Reilabs. See the report here. Information about the Trusted Setup Ceremony for the groth16 circuits is here.For additional information on Light Protocol’s security policy, read here.