Audits: Security, Reliability, and Trust
At Dusk, security isn’t just a priority - It’s the very foundation of our protocol. With mainnet now live, we’re operating on infrastructure that’s been battle-tested long before launch. Trust is the most valuable asset we can offer to our community and the institutions building on Dusk. That’s why we’ve subjected our entire tech stack to extensive, top-tier audits by some of the most respected experts in the industry.
These audits are not a checkbox exercise; they’re about making sure that every aspect of our technology is battle-tested and ready to perform under the toughest conditions. With 10 different audits, and over 200 pages of reporting, it’s fair to say that this has been one of the most rigorous audits of any blockchain out there.
Piecrust VM & PLONK Zero-Knowledge Proving System - Audited by Porter Adams
Our Virtual Machine, Piecrust, and the PLONK zero-knowledge proving system form the backbone of Dusk’s smart contract platform and privacy features. Porter Adams, a highly respected cryptographer and security engineer, audited these components.
The Piecrust audit identified two high-severity issues - overflow/underflow risks and a potential denial of service attack. These issues were quickly resolved. Beyond these findings, Porter Adams praised the codebase’s high quality, noting its idiomatic Rust structure, extensive test coverage and thorough documentation.
For PLONK, only two low-severity findings were found, which were quickly addressed. Porter Adams was particularly impressed with the code’s quality, citing the documentation, testing and in-line comments as some of the best he has ever encountered.
BLS Signature Scheme and Hash functions (Poseidon252, SAFE) - Audited by JP Aumasson
JP Aumasson, another highly respected cryptographer, conducted an exhaustive audit on our critical cryptographic primitives, namely our BLS signatures and hashing algorithms (Poseidon and SAFE).
The audit of our BLS implementation revealed a few areas for improvement, such as making sure that all necessary checks are in place for public key validation and the secure erasure of secrets in memory. These issues were quickly fixed. The audit also praised our choice of cryptographic primitives.
Similarly, the Poseidon and SAFE hash functions were audited for implementation consistency. The findings were minimal, with minor quality issues that were addressed quickly. The audit confirmed that our implementations are both secure and consistent with their respective specifications.
Economic Protocol Design - Audited by Pol Finance
The economic protocol is the game theoretical engine of our blockchain, dictating how incentives, rewards and fees are structured. Pol Finance, a firm with deep blockchain expertise, conducted an audit of our economic framework.
Their audit confirms that our economic framework is designed for long-term sustainability, security and decentralization. By integrating a mix of new and old strategies for token emissions, distribution and gas price calculation, Dusk is positioned to create a thriving ecosystem. The report praises our dynamic token supply adjustment, which aligns with network growth, and our reward structure, designed to incentivize active participation in consensus through voting and block creation.
Protocol Security, Consensus and Node Library - Audited by Oak Security
Our protocol security, consensus mechanism and node library has gone through an extensive audit by Oak Security, a leading blockchain security firm.
The Succinct Attestation (SA) consensus protocol developed by Dusk is designed to make our blockchain operate efficiently and securely. It makes use of a committee-based Proof-of-Stake model where provisioners - our stakers - are chosen through a Deterministic Sortition algorithm. This process makes sure that the network remains resilient against threats. The audit confirms that our consensus protocol effectively balances security with performance.
The audit for SA found a number of issues around slashing incentives and voting logic. All critical and major vulnerabilities were resolved. Several recommended improvements were acknowledged and are scheduled for refinement in upcoming releases.
The Rusk node library is the core implementation of the Dusk protocol, responsible for consensus, transaction handling, and block propagation. The audit put forth a couple of issues, ranging from consensus-level bugs to minor issues and code hygiene concerns. All critical and major issues were resolved, including faulty validation logic and unbounded mempool growth. The audit praised the overall code readability and architecture.
Kadcast Networking Protocol - Audited by Blaize
Kadcast is the backbone of our peer-to-peer communication, making sure that data is efficiently propagated across the network. To validate its robustness, we asked Blaize, a respected blockchain cybersecurity firm, to conduct an in-depth audit.
The audit confirmed that Kadcast successfully meets high security standards and has excellent code quality. While a few issues were identified - such as deviations from the specifications and minor code issues - these were quickly resolved. The audit also highlighted further areas for improvement, particularly in documentation and testing, which we are committed to updating.
Overall, the audit reaffirms Kadcast’s ability of scaling with a growing number of validators and network participants while maintaining efficiency.
Phoenix - Audited by Jules de Smit
Phoenix is Dusk’s privacy-preserving transfer protocol. A zero-knowledge UTXO system built for compliant and confidential value transfers. We commissioned an independent cryptographer to audit Phoenix across both the native and in-circuit implementations.
The audit confirmed that Phoenix is well-specified and well-implemented. All logic was clearly aligned with the formal spec, and the codebase was praised for its documentation and clarity. A few minor issues were found, including a Zeroize usage improvement, a potential supply-chain attack risk related to dependency pinning, and some room for abstraction, but no critical flaws or vulnerabilities were identified. All suggestions were implemented and resolved.
One-way Bridge Migration Contract- Audited by Zellic
To support the migration from ERC20 and BEP20 DUSK to native Dusk, we built a dedicated one-way bridge contract and submitted it to Zellic for auditing. Zellic is a leading security firm known for its vulnerability research expertise across L1s, smart contracts, and cryptographic protocols.
The audit confirmed the contract’s correctness and robustness. No vulnerabilities were found. The assessment covered core attack surfaces such as reentrancy, rounding precision, and token loss scenarios, and validated the contract’s ability to perform secure, one-way conversions from ERC20/BEP20 DUSK to native DUSK.
Conclusion
At Dusk, we believe that transparency creates trust. By putting our protocol through some of the most intensive audits in the space, we’re not just telling you our network meets a certain level of security - we’re proving it.
Each audit was a milestone on our journey to mainnet. Together, they reinforce the core pillars of what we’re building; a blockchain that is secure, scalable, and ready for institutional-grade applications. And with mainnet now live, these foundations are no longer theoretical.
Our mission is to become the backbone of financial markets, enabling privacy-preserving and compliant financial solutions on-chain. These audits are essential for building the trust needed for institutional adoption. Dusk is positioned to become the trusted Financial Market Infrastructure that enables financial institutions and enterprises to issue securities and real world-assets natively, on-chain.
The published audits can be found on our audits repository: https://github.com/dusk-network/audits
