Pre-launch · building · devnet target Q2 2026
LigateLabs

Audits, in public.

Every audit gets published in full, findings and all. If we haven't remediated something, we say so. No NDA-bound audits that investors never see.

Philosophy

Four rules we audit ourselves against.

01

External, not internal

Independent firms find what we can't. Internal review happens alongside, never in place of external review — the firm that approves our own work is not us.

02

Published in full

The entire report is public. Findings, severity, remediation status, our responses. No "executive summary" with the details sanded off. The only redactions we allow are customer data, and only if reports happen to include any.

03

Staged, not single-pass

Every major release gets its own scoped audit before mainnet exposure. We don't batch a year of changes into one pre-launch mega-audit that misses the integration surface where bugs actually hide.

04

Remediation is the product

A finding we didn't remediate is a feature we shipped. Audit backlog lives in the same tracker as engineering backlog, priced the same way, closed in the same standups.

Audit schedule

Where we are. What's coming.

Firm names go public at signing. No surprise “our auditor is X” marketing after the fact — the schedule here is the schedule we're running.

Planned · Before devnet

Proof of Prompt spec v0.1

Firm: Not yet engaged

Shortlisting audit firms now. Engagement signs post pre-seed.

Scope of review
  • Review of receipt schema and canonical encoding
  • BLS aggregate signature verification logic
  • Attestor quorum consensus safety properties
  • Redaction invariants (Phase 2 prep)

Planned · Before devnet

Sovereign SDK rollup modules

Firm: Not yet engaged

Likely bundled with the PoP spec firm

Scope of review
  • Custom transaction types (SubmitPrompt, ClaimProof, CreateBattle)
  • Sequencer + block production logic
  • Stake + slashing logic for attestors
  • Fee distribution and burn flows

Planned · Before mainnet

Kleidon EVM contracts

Firm: Not yet engaged

RFP process will run post pre-seed

Scope of review
  • Passify subscription NFT contracts
  • TokenForge ERC-20 factory
  • MintMarket primary + secondary market flows
  • Access control + upgradeability paths

Planned · Before cross-chain deploy

Kleidon Solana programs

Firm: Not yet engaged

Scope of review
  • SPL-based equivalents of the EVM suite
  • Anchor program security review
  • Cross-chain bridge safety (with Hyperlane review)

Planned · Before Phase 2

ZK redactable receipts

Firm: Not yet engaged

Specialist ZK audit, separate from the chain auditors

Scope of review
  • SP1 / RISC Zero circuit review
  • Zero-knowledge soundness proofs
  • Proving pipeline operational security

Found something?

Report it.

Responsible-disclosure policy, scope, safe harbor, and our response SLA are on the security page. We credit researchers in the advisory once the finding is remediated.

Are you an audit firm?

We're always taking pitches.

Especially for ZK (SP1 / RISC Zero) and Rust rollup work. Ping hello@ligate.io.