# ⋄ Audits

At zkMarkets, we take security very seriously and are committed to ensuring the safety and reliability of our platform. To uphold this commitment, we are engaging in private audits and contests so that our marketplace is reviewed thoroughly. Our contracts are inspired by Seaport, one of the most battle-tested protocols, and follow the same model of off-chain signatures and on-chain trade execution. However, our implementation is more gas-efficient, focusing solely on listings, offers, and collection offers within a Diamond standard architecture.

With over two years of runtime, our contracts have never been exploited. We've conducted multiple internal reviews and audits, including:

* A comprehensive private audit by HHK.
* A Sherlock pre-audit assessment.
* Contract EOA and AA signature validation by zkSync.
* ERC-20 price feed review by Chainlink.

For further risk mitigation:

* ERC-20 approvals are limited to the offer size.
* NFT approvals are restricted to collections.

## Private Audits:

#### HHK Audit

**Audit Summary**

HHK conducted a comprehensive audit of the zkMarkets marketplace, focusing on identifying potential security vulnerabilities, gas optimizations, and assessing overall code quality.

**Key Points:**

* **No Critical or High Severity Issues**: The audit did not uncover any critical or high-severity vulnerabilities.
* **Medium and Low Findings**: Some medium and low-severity issues were identified, with recommendations provided. The zkMarkets team has already implemented several fixes in response.
* **Gas Optimization**: Various suggestions were made to improve gas efficiency.
* **Informational Findings**: Recommendations were given to enhance code readability and maintainability.

**Auditor:**

HHK, a seasoned smart contract developer and security researcher, conducted this audit. He has a solid track record in smart contract security and has performed numerous audits with yAudit. HHK's audit portfolio is available [here](https://github.com/HHK-ETH/audits). For inquiries, please contact <hhk.contact@proton.me>.

**Conclusion:**

zkMarkets demonstrated excellent communication throughout the audit process. Although no critical issues were found, it is recommended to enhance testing coverage and address the architectural concerns before the upcoming Sherlock audit.

**Full Report:**

The full audit report can be accessed [here](https://github.com/HHK-ETH/zkMarket-report/tree/main).

## Contests:

We are planning a Sherlock audit as part of our continuous commitment to security and transparency.
