Security & Audit Proof

How Integra inherits battle-tested security from the Cosmos ecosystem

No separate chain audit is required

Integra uses the standard, unmodified Cosmos SDK and CometBFT consensus engine. We have not forked or modified the core consensus, staking, or governance modules. Our chain inherits the security guarantees of the upstream codebase, the same foundations used by chains managing billions in value including Cosmos Hub, Osmosis, dYdX, Injective, and Cronos.

Security Coverage

Every component in Integra's stack is audited and protected by the Cosmos HackerOne Bug Bounty program.

Cosmos SDK

v0.53.5

Core blockchain framework used by Cosmos Hub, dYdX, Osmosis, and 100+ chains managing billions in value.

Audited by: Trail of Bits, Informal Systems

HackerOne Bug Bounty active

CometBFT

v0.38.19

Byzantine Fault Tolerant consensus engine (formerly Tendermint). 12+ published security advisories, actively maintained.

Audited by: Continuous security review

HackerOne Bug Bounty active

IBC (ibc-go)

Latest stable

Inter-Blockchain Communication protocol enabling cross-chain transfers and interoperability.

Audited by: Informal Systems

HackerOne Bug Bounty active

Cosmos EVM Module

cosmos/evm

Full Ethereum Virtual Machine compatibility. Supports Solidity smart contracts, MetaMask, and all Ethereum tooling.

Audited by: Ethermint heritage, community review

HackerOne Bug Bounty active

Integra Configuration

Binary Source

cosmos/evm @ 0e6a388

Cosmos SDK

v0.53.5

CometBFT

v0.38.19

Go Version

1.23.8

Chain ID (Mainnet)

integra-1

EVM Chain ID

26217 (0x6669)

Validators

4 active, all bonded

Consensus

CometBFT BFT, ~5s finality

Core Modifications

None (standard SDK)

Recent Upstream Security Advisories

These advisories were discovered and patched in the upstream Cosmos SDK and CometBFT repositories. Integra inherits these patches by staying on supported versions.

High

Integer Overflow in Cosmos SDK

ISA-2025-005

Jul 2025

cosmos-sdk

Critical

Tachyon (CometBFT)

CSA-2026-001

Jan 2026

cometbft

High

Invalid BitArray handling

ASA-2025-003

Oct 2025

cometbft

High

Malicious peer block parts

ASA-2025-002

Feb 2025

cometbft

High

Vote Extensions panic

ASA-2024-011

Nov 2024

cometbft

High

Math validation issues

ASA-2024-010

Nov 2024

cosmos-sdk

Smart Contract Security

EVM Smart Contracts

For smart contracts deployed on Integra's EVM (such as the Asset Passport), security is handled separately from the chain itself.

Static Analysis

Slither, Mythril, and Foundry fuzzing for vulnerability detection

Test Coverage

Comprehensive test suites with edge case coverage

Open Source

All contract code publicly verifiable on GitHub

Audit Reports

Published audit reports from the Cosmos security repository. These cover the exact components Integra runs in production.

PDF

Cosmos SDK

Cosmos SDK v0.53 Audit

Full audit of the SDK version Integra uses in production

PDF

EVM

Cosmos EVM Audit by Sherlock

July 2025. Covers the EVM module Integra uses for smart contracts

PDF

IBC

ICS/IBC Audit by Informal Systems

2023. Covers the Inter-Blockchain Communication protocol

PDF

Cosmos SDK

Cosmos SDK Initial Audit

2019. Original security audit of the Cosmos SDK framework

PDF

Module

Group Module Audit

Audit of the x/group governance module

All Cosmos Audit Reports

Full directory of all published audits (SDK, EVM, IBC, Gaia, Ledger)

Security Resources

Cosmos Security Policy

Vulnerability reporting, disclosure process, and supported versions

HackerOne Bug Bounty

Report vulnerabilities in Cosmos SDK, CometBFT, IBC, and Cosmos EVM

Security Advisories

Published advisories for Cosmos SDK and CometBFT

Cosmos SDK Source

Open source code on GitHub

CometBFT Source

Consensus engine source code

Integra EVM Module

Our EVM implementation source code

Security Contact

For security inquiries about the Integra chain, contact security@integralayer.com. For vulnerabilities in Cosmos SDK or CometBFT, use the HackerOne Bug Bounty program.