This repository contains a comprehensive list of security audit reports for Clave. All audits have been conducted by reputable security firms to ensure the highest standards of security for our smart contracts and protocols.
| Scope | Version | Auditor | Date | Status |
|---|---|---|---|---|
| Accounts | v1 | Cantina | Dec 2023 | β Completed |
| Accounts | v2 | Cantina | Mar 2024 | β Completed |
| Accounts | v2 | Nethermind | Aug 2025 | β Completed |
| ZTake | v1 | Cantina | Jul 2024 | β Completed |
| Clagg | v1 | Cantina | Jul 2025 | β Completed |
| Clagg | v2 (ZKsync) | Nethermind | Feb 2025 | β Completed |
| Clagg | v2 (EVM) | Nethermind | Jul 2025 | β Completed |
- Auditor: Cantina
- Date: December 15, 2023
- Report:
zksync-accounts_151223_Cantina.pdf - Scope: Initial security audit of Clave's account abstraction implementation on ZKsync Era
- Key Findings: Core account functionality, signature validation, and transaction execution mechanisms
- Auditor: Cantina
- Date: March 20, 2024
- Report:
zksync-accounts-v2_20032024_Cantina.pdf.pdf - Scope: Enhanced security audit covering improvements and new features in the v2 implementation
- Key Findings: Advanced account features, gas optimization, and enhanced security measures
- Auditor: Nethermind
-
- Date: August 25, 2025
- Report:
evm-accounts_250725_Nethermind.pdf - Scope:
RecoverableWebAuthnValidatoris a validator module that authenticates WebAuthn signatures and provides a time-locked social recovery mechanism,ClaveFactoryis a factory contract that deploys Nexus-based smart accounts on deterministic addresses - Key Findings: Deployments, key validation, and social recovery mechanism
- Auditor: Cantina
- Date: July 1, 2025
- Report:
v1-zksync_01072025_Cantina.pdf - Scope: Initial security audit of Clagg protocol implementation on ZKsync Era
- Key Findings: Core protocol mechanics, liquidity management, and risk assessment
- Auditor: Nethermind
- Date: February 24, 2025
- Report:
v2-zksync_24022025_Nethermind.pdf - Scope: Comprehensive security audit of Clagg v2 implementation on ZKsync Era
- Key Findings: Enhanced protocol features, improved security mechanisms, and scalability improvements
- Auditor: Nethermind
- Date: July 27, 2025
- Report:
v2-evm_27072025_Nethermind.pdf - Scope: Security audit of Clagg v2 implementation for EVM-compatible chains
- Key Findings: Cross-chain compatibility, EVM-specific optimizations, and security considerations
- Auditor: Cantina
- Date: July 5, 2024
- Report:
ztake_05072024_Cantina.pdf - Scope: Security audit of the ZTake
- Key Findings: Scope-specific security analysis and recommendations
Cantina is a security services marketplace that connects top security researchers and solutions with clients. Learn more at cantina.xyz.
Nethermind Security encompasses all of Nethermindβs blockchain expertise, zeroed in on security solutions across Web3 - including the Ethereum and zk ecosystems. Learn more at nethermind.io.
- Total Audits: 6
- Audit Companies: 2 (Cantina, Nethermind)
- Scopes: 3 (Accounts, Clagg, ZTake)
- Review Scope: Each audit report includes a detailed scope section explaining what was audited
- Check Findings: Review all findings, including severity levels and remediation status
- Verify Implementation: Ensure all recommendations have been properly implemented
- Stay Updated: New audits are added as scopes are updated or new features are deployed
For questions about these audits or Clave's security practices, please contact our team.
Last updated: July 2025