Zellic
- Name: Zellic
- URL: https://www.zellic.io/
- Category: smart-contract security / offensive-security research firm / audit-and-tooling infrastructure / blockchain security engineering platform
- Summary: Zellic is a real security shop with a public report archive and useful tooling behind the audit brand. The note matters because the firm ships monitoring, search, and parsing infrastructure alongside reports, not because it is some category anchor.
- What it does:
- Performs security assessments and audits for blockchain protocols, wallets, validator stacks, bridges, infrastructure software, and adjacent high-risk systems across EVM, Solana, Cosmos, Move, TON, Cairo, and other environments
- Publishes public audit reports through a first-party reports/publications surface, with the repository listing a large cross-chain corpus of recent work for projects such as LayerZero, Babylon, Pyth, Frax, Ondo, Hyperlane, Filecoin, Garden, Aori, and many others
- Maintains open-source tooling including EVM Trackooor for event/transaction/block monitoring and alerting, Masamune for security-focused search across audit and exploit corpora, and Solp for Solidity parsing and analysis without invoking solc
- Signals a research-heavy posture through the public blog and GitHub inventory, which together span cryptography, web security, mobile security, low-level exploitation, formal methods, parser/tooling work, and blockchain-specific vulnerability research
- Positions itself around securing “emerging technologies,” which makes the firm relevant not just to established DeFi applications but also to newer chains, runtimes, and protocol stacks where security assumptions are still shifting quickly
- Key claims:
- The homepage says developers, founders, and investors trust Zellic’s security assessments to help them ship quickly and confidently without critical vulnerabilities, and frames the team around real-world offensive-security research
- The homepage says Zellic’s engineers bring backgrounds in cryptography, web security, mobile security, low-level exploitation, and finance, which helps explain its coverage across both blockchain-native and adjacent software-security domains
- The GitHub organization’s popular repositories expose not just audit PDFs but an unusually broad tooling footprint, including a monitoring/alerting framework, a smart-contract-security search engine, a Solidity parser, formal-verification examples, and related analysis utilities
- The publications repository says Zellic’s audit reports are available both in GitHub and in HTML form on the web, and the repo index itself shows a large and current cross-chain audit corpus rather than a thin marketing sample
- The EVM Trackooor README shows Zellic shipping practical monitoring tooling for realtime and historical chain surveillance, including examples around proxy-upgrade monitoring, Tornado Cash-linked exploit patterns, Uniswap volume tracking, and Discord alerting
- The Solp README shows Zellic building internal-grade parsing/analysis infrastructure that can load and analyze Solidity projects without solc, reinforcing that the firm operates with more technical depth than a simple PDF-audit storefront
- The Masamune README shows Zellic curating a broader smart-contract-security knowledge surface that indexes Zellic’s own reports alongside external sources such as Code4rena, Trail of Bits, Halborn, Spearbit, and others
- Whitepaper: No canonical Zellic whitepaper or litepaper surfaced in this pass. The clearest current primary sources are the homepage, research/blog surface, GitHub organization, publications repository, and open-source tooling READMEs; see ../whitepapers/zellic-primary-sources-2026-04-28.md.
- Sources:
- https://www.zellic.io/
- https://www.zellic.io/blog/
- https://github.com/Zellic
- https://raw.githubusercontent.com/Zellic/publications/master/README.md
- https://raw.githubusercontent.com/Zellic/EVM-trackooor/master/README.md
- https://raw.githubusercontent.com/Zellic/Masamune/master/README.md
- https://raw.githubusercontent.com/Zellic/solidity-parser/master/README.md
Internal linkages
- Best upward reads: trail-of-bits, certora, and openzeppelin.
Control surface
- The useful leverage sits in report publication, monitoring defaults, search/index construction, and which vulnerability classes Zellic chooses to operationalize in reusable tooling.
- That makes it a tooling-heavy security practice, not a category-defining security platform.
- Last reviewed: 2026-05-31 UTC