RiscZero: Kailua Protocol audit report
Project Information
CATEGORY
Smart Contracts
NETWORK
Ethereum, RISC Zero
WEBSITE
https://risczero.com/
DESCRIPTION
From May 5, 2025 to May 15, 2025, RISC Zero engaged Veridise to conduct a security assessment of their Kailua Protocol. The Kailua Protocol enables OP-stack optimistic rollups to utilize zero-knowledge proofs for resolving disputes between proposed output roots. Compared to the earlier version, which Veridise has audited previously ̳, the new version addresses issues brought up in the initial audit, and introduces functionality of utilizing validity proofs to prove the legitimacy of a proposal. This report only addresses the smart contract implementation, not the off-chain zero-knowledge components. Veridise conducted the assessment over 6 person- weeks, with 3 security analysts reviewing the project over 2 weeks. The review strategy involved a tool-assisted analysis of the program source code performed by Veridise security analysts as well as thorough code review.
Audit Report
SCOPE
The scope of this security assessment is limited to the four Solidity files defined in the crates/contracts/foundry/src folder of the source code provided by the Kailua Protocol developers. It should be noted that the files in crates/contracts/foundry/src/vendor contain imported code and were not in the scope of the audit. Additionally, this version of the review did not consider any of the off-chain components.