Welcome to another Security Competition by Taran.Space.
Our mission is simple yet ambitious β to uncover and prevent as many security issues as possible in high-stakes open-source projects, including:
- Exploits and vulnerabilities
- Design flaws
- Backdoors
- Weak spots and unsafe practices
- Denial-of-Service (DoS) potentials
This time, weβll be auditing ZKsync OS.
The total duration of the competition is 123 hours:
- Competition start: November 3, 2025 at 1:00 PM (CET).
- Submission window opens:
November 8, 2025 at 1:00 PM (CET)(see the "Extension" section). - Submissions close:
November 8, 2025 at 4:00 PM (CET)(see the "Extension" section).
Make sure to submit within the designated timeframe.
Following the vote, we have decided to extend the competition.
New timeline (extended by 72 hours):
- Submission window opens: November 11, 2025 at 1:00 PM (CET).
- Submissions close: November 11, 2025 at 4:00 PM (CET).
Rule of thumb: every modified line of the Pull Request is in scope.
See the Pull Request for detailed scope information.
Three prizes will be awarded:
π₯ $1,000
π₯ $600
π₯ $400
All details about rules, submission process, severity levels, and prize distribution are described in the Protocol of Public Security Competitions .
If anything is unclear, feel free:
- Leave a comment directly in the document, or
- Ask your question in our Telegram channel.
To join the competition, fill out the Registration Form.
Official website: https://www.taran.space
X/Twitter: https://x.com/taran_space
BlueSky: https://bsky.app/profile/taran.space