Audits and Production Validation

Security at Surf is not an afterthought or a feature add-on.

It is inherited from zkCross Network’s production-grade infrastructure, which has been designed, audited, and stress-tested across real mainnet deployments.

Independent Security Audits by Halborn

zkCross Network’s core DeFi infrastructure has undergone multiple independent security reviews by Halborn, one of the most respected blockchain security firms globally.

These audits cover:

• Core cross-chain execution logic

• Smart contracts deployed across EVM and non-EVM environments

• Soroban-based components on Stellar

• End-to-end penetration testing of the execution stack

Public references:

• Halborn case study on zkCross Network’s DeFi infrastructure

  https://www.halborn.com/case-studies/post/case-study-ensuring-security-for-zkcross-network-s-defi-infrastructure-with-halborn

• EVM Smart Contracts Audit

  https://www.halborn.com/audits/zkcross/evm-stellar-zkcrossdex-5ec240

• Non-EVM (Rust-Based) Smart Contracts Audit

  https://www.halborn.com/audits/zkcross/soroban-zkcrossdex-72ebe2

• Penetration Testing Report

  https://www.halborn.com/audits/zkcross/zkcross—penetration-test-fe0782

These reviews validate not just individual contracts, but the broader execution model, automation flows, and security assumptions underpinning the zkCross stack.

---

Proven in Production, Not Just Audited

Audits alone are not sufficient. zkCross infrastructure has also been validated through sustained mainnet usage.

• Over $140M+ in historical transaction volume

• Live deployments across multiple blockchain ecosystems

• Infrastructure operated under real market conditions, adversarial environments, and user demand

• Long-running execution systems handling cross-chain routing, liquidity movement, and automated actions

This combination of independent audits and real-world execution provides a much stronger security signal than isolated contract reviews.

---

What This Means for Surf Users?

Surf does not introduce a new, untested execution layer.

Surf runs on top of the zkCross infrastructure that already:

• Enforces deterministic execution rules

• Uses hardened signing and transaction orchestration

• Applies system-level guardrails rather than discretionary logic

• Has been reviewed, attacked, and validated by both auditors and mainnet reality

For users, this means Surf vaults are not dependent on fragile integrations or experimental execution paths. The AI layer operates within a security framework that was built first, proven first, and only then productised.

Security in Surf is inherited, not assumed.