
Audit Overview
Client: Redacted
Blockchain: Cosmos (CosmWasm)
Service: Smart Contract Security Audit
Audit Period: January 20 – February 6, 2026
Scope: Proxy, Sub-Wallet, Protocol Package
Repository: redacted-contract-main
About Redacted
Redacted is a privacy-focused protocol built on CosmWasm within the Cosmos ecosystem. It employs stealth addresses, zero-knowledge proofs, and a sub-wallet architecture to enable private transactions on-chain. Users generate stealth addresses off-chain, register them through a proxy contract, and manage funds via isolated sub-wallets that provide execution abstraction.
The architecture separates concerns across three components: a proxy contract that handles stealth address registration and deposit routing, sub-wallet contracts that provide isolated execution environments with fee collection, and a shared protocol package containing ZK proof verification and common types. This design enables privacy-preserving fund management while maintaining the composability of CosmWasm—but it also introduces unique security considerations around stealth address validation, fee enforcement across execution paths, and ZK proof domain separation.
Summary of Findings
Our review identified six security findings across the contract suite: one high, one low, and four informational. Two findings were resolved, and four were acknowledged with operational mitigations or design rationale.
| Severity | Total | Resolved | Acknowledged |
|---|---|---|---|
| High | 1 | 1 | – |
| Low | 1 | 1 | – |
| Informational | 4 | – | 4 |
| Total | 6 | 2 | 4 |
Key Findings
CallBatch Fee Not Applied
Severity: High | Status: Resolved
The CallBatchToSubWallet handler computed the fee-splitting messages correctly but never executed them. The sub-wallet built new_msgs, containing the fee transfers alongside the fee-adjusted call amounts, yet returned the original msgs, completely bypassing fee collection on every batch call that carried funds. The protocol's fee mechanism was therefore silently non-functional on its primary batch execution path.
Resolution: Updated the function to return new_msgs instead of msgs, ensuring fee transfers are properly included in the execution response for all batch calls.
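As an added illustration (not Redacted's code), the following self-contained Rust model reproduces the bug pattern and its fix: a helper builds the fee-adjusted message set, and the only difference between the vulnerable and fixed handlers is which vector they return. The message types, the basis-point fee and the collector address are stand-ins for cosmwasm_std's types and the protocol's configuration, which the report does not detail.

```rust
// Added example, not Redacted's code. Simplified model of the
// CallBatchToSubWallet fee path: Msg/Coin/Response stand in for
// cosmwasm_std types; fee_bps and the collector address are assumed.

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Coin {
    pub denom: String,
    pub amount: u128,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Msg {
    /// A contract call that forwards funds (stand-in for WasmMsg::Execute).
    Execute { contract: String, funds: Vec<Coin> },
    /// A plain transfer (stand-in for BankMsg::Send).
    Send { to: String, amount: Vec<Coin> },
}

#[derive(Debug)]
pub struct Response {
    pub messages: Vec<Msg>,
}

fn fee_of(amount: u128, fee_bps: u128) -> u128 {
    amount * fee_bps / 10_000
}

/// Builds the fee-adjusted message set: every forwarded coin is reduced by
/// the fee and a matching transfer to the collector is appended after it.
/// Assumes fee_bps <= 10_000 was validated at instantiation.
pub fn split_fees(msgs: &[Msg], fee_bps: u128, collector: &str) -> Vec<Msg> {
    assert!(fee_bps <= 10_000, "fee_bps must be validated at instantiate");
    let mut new_msgs = Vec::with_capacity(msgs.len() * 2);
    for m in msgs {
        match m {
            Msg::Execute { contract, funds } if !funds.is_empty() => {
                let mut adjusted = Vec::new();
                let mut fees = Vec::new();
                for c in funds {
                    let fee = fee_of(c.amount, fee_bps);
                    adjusted.push(Coin { denom: c.denom.clone(), amount: c.amount - fee });
                    if fee > 0 {
                        fees.push(Coin { denom: c.denom.clone(), amount: fee });
                    }
                }
                new_msgs.push(Msg::Execute { contract: contract.clone(), funds: adjusted });
                if !fees.is_empty() {
                    new_msgs.push(Msg::Send { to: collector.to_string(), amount: fees });
                }
            }
            // Calls without funds (and plain sends) pass through untouched.
            other => new_msgs.push(other.clone()),
        }
    }
    new_msgs
}

/// The bug pattern from the finding: the adjusted set is computed, then discarded.
pub fn call_batch_vulnerable(msgs: Vec<Msg>, fee_bps: u128, collector: &str) -> Response {
    let _new_msgs = split_fees(&msgs, fee_bps, collector);
    Response { messages: msgs } // BUG: returns the original, un-taxed messages
}

/// The fix: return new_msgs instead of msgs.
pub fn call_batch_fixed(msgs: Vec<Msg>, fee_bps: u128, collector: &str) -> Response {
    let new_msgs = split_fees(&msgs, fee_bps, collector);
    Response { messages: new_msgs }
}

/// Total of `denom` routed to `collector` in a response. A unit test asserting
/// this equals fee_bps of the forwarded funds would have caught the bug.
pub fn collected_fee(resp: &Response, collector: &str, denom: &str) -> u128 {
    resp.messages
        .iter()
        .map(|m| match m {
            Msg::Send { to, amount } if to == collector => amount
                .iter()
                .filter(|c| c.denom == denom)
                .map(|c| c.amount)
                .sum::<u128>(),
            _ => 0,
        })
        .sum()
}

fn main() {
    // Constructed sample batch: one call forwarding 1,000,000 uatom at a 0.5% fee.
    let batch = vec![Msg::Execute {
        contract: "target".to_string(),
        funds: vec![Coin { denom: "uatom".to_string(), amount: 1_000_000 }],
    }];
    let v = call_batch_vulnerable(batch.clone(), 50, "fee_collector");
    let f = call_batch_fixed(batch, 50, "fee_collector");
    println!("vulnerable routed to collector: {}", collected_fee(&v, "fee_collector", "uatom"));
    println!("fixed routed to collector:      {}", collected_fee(&f, "fee_collector", "uatom"));
}
```

With a 0.5% fee on a 1,000,000 uatom call, the vulnerable handler routes nothing to the collector and forwards the full amount, while the fixed handler routes 5,000 and forwards 995,000. The collected_fee invariant is the kind of check worth keeping in the contract's test suite for every execution path that handles funds, since the finding shows the two paths can silently diverge.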
Unauthorized Deposits Can Bloat Victim Denom List
Severity: Low | Status: Resolved
Deposits were fully permissionless and validated only the length of the stealth address. An attacker could deposit dust amounts in many different denominations to a victim's stealth address, bloating the victim's denom list. This griefing vector raises gas costs for the victim on every subsequent operation that iterates over the denomination list, degrading the user experience without any direct benefit to the attacker.
Resolution: Implemented deposit gating to restrict unauthorized deposits and prevent denom list bloating from untrusted parties.
Missing Field-Range Validation for Stealth Addresses
Severity: Informational | Status: Acknowledged
Deposits accepted any 32-byte stealth value, but the ZK proof verification circuit rejects inputs that fall outside the SNARK scalar field. Funds could therefore be deposited to a stealth address that the proof system can never reference, permanently locking them with no recovery path. The off-chain system generates valid values with Poseidon hashing, but direct contract interactions could trigger this edge case.
Acknowledged: The backend uses Poseidon to generate stealth values that are guaranteed to fall within the safe scalar field range, making this a non-issue for the intended usage path.
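The following added Rust example (not the project's code) models the two deposit-side checks from this finding and the previous one: a depositor allow-list, as one possible form of the deposit gating the team implemented, and a field-range check that rejects 32-byte values at or above the SNARK scalar modulus. It assumes the circuit is defined over the BN254 (alt_bn128) scalar field, the curve used by most circom and Groth16 deployments, which the report does not state; the balances map and denom count are simplified stand-ins for contract storage.

```rust
// Added example, not Redacted's code. Models deposit gating plus a
// scalar-field range check on the stealth value. The field modulus is an
// assumption (BN254 Fr); swap in the real modulus if the circuit differs.
use std::collections::{BTreeMap, BTreeSet};

/// BN254 scalar field modulus r, big-endian:
/// 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001
pub const FR_MODULUS_BE: [u8; 32] = [
    0x30, 0x64, 0x4e, 0x72, 0xe1, 0x31, 0xa0, 0x29, 0xb8, 0x50, 0x45, 0xb6, 0x81, 0x81, 0x58, 0x5d,
    0x28, 0x33, 0xe8, 0x48, 0x79, 0xb9, 0x70, 0x91, 0x43, 0xe1, 0xf5, 0x93, 0xf0, 0x00, 0x00, 0x01,
];

#[derive(Debug, PartialEq, Eq)]
pub enum DepositError {
    Unauthorized,
    BadLength(usize),
    OutOfField,
}

/// A 32-byte stealth value is a canonical field element iff, read as a
/// big-endian integer, it is strictly less than r. Lexicographic comparison
/// of equal-length big-endian byte strings is exactly integer comparison,
/// so no big-integer arithmetic is needed in the contract.
pub fn in_scalar_field(stealth: &[u8]) -> bool {
    stealth.len() == 32 && stealth < &FR_MODULUS_BE[..]
}

/// Simplified proxy state: an allow-list of depositors (assumed gating
/// mechanism) and per-stealth-address balances keyed by denom.
pub struct Proxy {
    allowed_depositors: BTreeSet<String>,
    balances: BTreeMap<[u8; 32], BTreeMap<String, u128>>,
}

impl Proxy {
    pub fn new(allowed: Vec<String>) -> Self {
        Proxy { allowed_depositors: allowed.into_iter().collect(), balances: BTreeMap::new() }
    }

    /// Checks run cheapest-first: caller gate, then length, then field range.
    pub fn deposit(
        &mut self,
        sender: &str,
        stealth: &[u8],
        denom: &str,
        amount: u128,
    ) -> Result<(), DepositError> {
        if !self.allowed_depositors.contains(sender) {
            // Untrusted senders cannot grow a victim's denom list with dust.
            return Err(DepositError::Unauthorized);
        }
        if stealth.len() != 32 {
            return Err(DepositError::BadLength(stealth.len()));
        }
        if !in_scalar_field(stealth) {
            // Accepting this value would lock the funds: no proof can reference it.
            return Err(DepositError::OutOfField);
        }
        let mut key = [0u8; 32];
        key.copy_from_slice(stealth);
        *self.balances.entry(key).or_default().entry(denom.to_string()).or_insert(0) += amount;
        Ok(())
    }

    /// Number of denoms a later operation would have to iterate for this address.
    pub fn denom_count(&self, stealth: &[u8]) -> usize {
        self.balances.get(stealth).map_or(0, |m| m.len())
    }

    pub fn balance(&self, stealth: &[u8], denom: &str) -> u128 {
        self.balances.get(stealth).and_then(|m| m.get(denom)).copied().unwrap_or(0)
    }
}

fn main() {
    let mut proxy = Proxy::new(vec!["backend".to_string()]);
    // Constructed sample: r - 1 is the largest valid field element.
    let mut in_range = FR_MODULUS_BE;
    in_range[31] = 0x00;
    println!("{:?}", proxy.deposit("anyone", &in_range, "udust", 1));
    println!("{:?}", proxy.deposit("backend", &FR_MODULUS_BE, "uatom", 1));
    println!("{:?}", proxy.deposit("backend", &in_range, "uatom", 10));
    println!("denoms for address: {}", proxy.denom_count(&in_range));
}
```

The field-range check is what the acknowledgment leaves to the backend: the Poseidon output path never produces an out-of-range value, but a direct contract call can, and the check costs one 32-byte comparison. Whichever gating mechanism is chosen, the range check is the cheaper and more complete guard against the locked-funds case.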
Proofs Lack Contract-Domain Separation
Severity: Informational | Status: Acknowledged
ZK proofs were verified without binding the public inputs to a specific proxy contract instance. A valid proof generated for one deployment could be replayed against a separate deployment of the same contract code. In a multi-deployment scenario this allows cross-instance withdrawal attacks, where a proof of deposit on Contract A is used to withdraw from Contract B.
Acknowledged: Not relevant to the current single-deployment model. The team acknowledged the finding for future multi-instance scenarios.
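As an added example (not Redacted's code), this Rust sketch shows the contract-side half of domain separation: the proxy derives a domain tag from its own address and supplies that public input itself, instead of verifying whatever inputs the caller submits. The function mock_verify stands in for the Groth16 pairing check and models only the property that a proof verifies solely against the public inputs it was generated for; the dedicated domain slot at index 0 and the 31-byte limit on canonical addresses are assumptions.

```rust
// Added example, not Redacted's code. Contract-side domain binding of ZK
// public inputs. Assumptions: the circuit exposes public input 0 as the
// contract domain; canonical addresses are at most 31 bytes so they fit in
// any 254-bit-or-wider scalar field without reduction; mock_verify stands in
// for the real pairing check.

#[derive(Clone, Debug)]
pub struct Proof {
    /// Public inputs the prover committed to (stand-in for the proof's
    /// cryptographic binding to its public inputs).
    pub committed_inputs: Vec<[u8; 32]>,
}

/// Encode a contract address as a field element: right-aligned in 32 bytes
/// with a zero leading byte, so the value is below 2^248 and hence below
/// the modulus of any scalar field of at least 249 bits.
pub fn domain_tag(contract_addr: &[u8]) -> Option<[u8; 32]> {
    if contract_addr.is_empty() || contract_addr.len() > 31 {
        return None; // longer addresses would need hashing to a field element
    }
    let mut tag = [0u8; 32];
    tag[32 - contract_addr.len()..].copy_from_slice(contract_addr);
    Some(tag)
}

impl Proof {
    /// What an honest prover does: bind the proof to one contract instance
    /// by putting that instance's domain tag in public input slot 0.
    pub fn generate(contract_addr: &[u8], nullifier: [u8; 32]) -> Option<Proof> {
        Some(Proof { committed_inputs: vec![domain_tag(contract_addr)?, nullifier] })
    }
}

/// Stand-in for the pairing check: a proof verifies only against the exact
/// public inputs it was generated for.
fn mock_verify(proof: &Proof, public_inputs: &[[u8; 32]]) -> bool {
    proof.committed_inputs == public_inputs
}

/// Unbound pattern (the finding): verify against caller-supplied inputs.
/// A proof made for deployment A verifies unchanged on deployment B.
pub fn withdraw_unbound(proof: &Proof, caller_inputs: &[[u8; 32]]) -> bool {
    mock_verify(proof, caller_inputs)
}

/// Bound pattern: the contract prepends its own domain tag (derived from
/// env.contract.address in a real contract) to the caller's remaining
/// public inputs, so a proof generated for another deployment fails.
pub fn withdraw_bound(this_contract_addr: &[u8], proof: &Proof, caller_inputs: &[[u8; 32]]) -> bool {
    let tag = match domain_tag(this_contract_addr) {
        Some(t) => t,
        None => return false,
    };
    let mut inputs = Vec::with_capacity(caller_inputs.len() + 1);
    inputs.push(tag);
    inputs.extend_from_slice(caller_inputs);
    mock_verify(proof, &inputs)
}

fn main() {
    // Constructed sample addresses for two deployments of the same code.
    let contract_a = b"wasm1contract_a_canonical";
    let contract_b = b"wasm1contract_b_canonical";
    let nullifier = [7u8; 32];
    let proof = Proof::generate(contract_a, nullifier).unwrap();
    // Replay attempt: the proof for A, presented to B.
    println!("unbound: replay on B accepted = {}", withdraw_unbound(&proof, &proof.committed_inputs));
    println!("bound:   replay on B accepted = {}", withdraw_bound(contract_b, &proof, &[nullifier]));
    println!("bound:   honest use on A accepted = {}", withdraw_bound(contract_a, &proof, &[nullifier]));
}
```

The design point is that the domain input must come from the verifying contract, not from the message; if the caller can supply slot 0, they can supply A's tag on B and the binding is cosmetic. Chain ID or a deployment salt can be folded into the tag in the same way when proofs must also not transfer across chains.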
Redacted's Security Posture
The Redacted team responded promptly to the audit findings, resolving the two actionable issues—including the high-severity fee bypass—with targeted fixes. The four informational findings were thoughtfully acknowledged with clear rationale around their off-chain architecture and deployment model constraints.
The high-severity CallBatch fee bypass was a subtle implementation error where the correct logic was computed but never returned. The quick resolution demonstrated the team's responsiveness and understanding of their own codebase. The acknowledged findings reflect deliberate design trade-offs where off-chain guarantees (Poseidon hashing, single-deployment model) provide the necessary safety properties.
Building privacy infrastructure on CosmWasm introduces unique challenges at the intersection of ZK cryptography and smart contract execution. Redacted's architecture demonstrates a thoughtful separation of concerns, and the audit confirmed that the on-chain components align with their intended security model.
FailSafe's Closing Remarks
Redacted's privacy protocol represents an interesting approach to confidential transactions within the Cosmos ecosystem. The audit spanned fee enforcement logic, deposit validation, ZK proof verification boundaries, and cross-deployment security—reflecting the breadth of attack surface inherent to privacy-focused systems.
We look forward to seeing Redacted continue to evolve their privacy infrastructure. As the protocol matures and potentially expands to multi-deployment scenarios, the informational findings around domain separation and input validation will become increasingly relevant considerations.