Overview

The Cosmos EVM module underwent a comprehensive security audit conducted by Sherlock, a leading blockchain security firm. The audit was completed on July 28, 2025, providing an independent assessment of the module’s security posture, code quality, and potential vulnerabilities.

Audit Details

Auditor: Sherlock Audit Completion Date: July 28, 2025 Report Version: Final Pages: 203

Scope

The security audit covered the entire EVM module implementation, including:
  • Core EVM execution environment
  • Precompiled contracts and their integrations
  • State management and storage mechanisms
  • Transaction processing and gas metering
  • Integration with Cosmos SDK modules
  • Cross-chain functionality and IBC compatibility
  • Security-critical components and access controls

Key Areas of Focus

The audit specifically examined:
  1. Smart Contract Security: Analysis of precompiles and their interaction patterns
  2. State Consistency: Verification of state transitions and atomicity guarantees
  3. Gas Economics: Review of gas consumption and potential denial-of-service vectors
  4. Access Controls: Examination of permission systems and authorization mechanisms
  5. Integration Points: Assessment of module boundaries and cross-module communications
  6. Edge Cases: Testing of boundary conditions and error handling paths

Accessing the Report

The complete audit report is publicly available and can be accessed through the following link:

View Full Audit Report

Download the complete 203-page security audit report conducted by Sherlock

Recommendations

Security audits are a critical component of blockchain development. While this audit provides confidence in the module’s security, users and developers should:
  • Stay informed about any security advisories or updates
  • Follow best practices when developing applications using the EVM module
  • Report any suspected vulnerabilities through appropriate security channels
  • Keep their deployments updated with the latest security patches

Continuous Security

Security is an ongoing process. The Cosmos EVM team maintains a commitment to:
  • Regular security reviews and assessments
  • Prompt response to security disclosures
  • Transparent communication about security matters
  • Collaboration with the security research community
For security-related inquiries or to report potential vulnerabilities, please follow the Cosmos Security Policy.