Citrea Fully Completes Its Audit Phase: A Major Step on the Road to Mainnet
After more than two years of development, we’ve reached one of the biggest milestones yet on our road to mainnet: we’ve completed our audit phase for both our rollup (Citrea) and our BitVM-based bridge, Clementine.
This achievement marks one of the final steps on our road to mainnet, next up is the Citrea Risc0-to-BitVM Trusted Setup Ceremony, which will ensure the integrity and security of the cryptographic systems used in Citrea’s Bitcoin bridge.
Following the private audits, we’re proud to share that both our rollup and bridge completed the public audit competitions. We’re now entering the final stretch of our journey to bring Bitcoin’s first ZK rollup to mainnet.
The Mission is to Scale Bitcoin
Our mission has always been clear: to make Bitcoin programmable without compromising its security or decentralization. Bitcoin’s lack of native programmability has forced builders and users to rely on external chains and centralized bridges - fragmenting value and trust. With Citrea, we’re building the first scaling solution that will bring utility, demand, and builders to the Bitcoin Network.
By combining ZK rollup stack with a BitVM-based bridge, Citrea enables Bitcoin applications (₿apps) that are secured by Bitcoin and a bridge optimistically verified by the Bitcoin Network. Completing our audits is a crucial step on our road to mainnet that we want to share with the community.
Citrea ZK Rollup Public Audit Competition (July 18 - August 15)
Our first public audit competition, hosted by Cantina, focused on the Citrea rollup infrastructure. Citrea has built the first ZK rollup stack for Bitcoin, which requires customizations and optimizations to accommodate Bitcoin’s constraints. 510 researchers participated in the Citrea rollup public audit competition and the top 3 received the biggest bounty from the dedicated pot. You can see the full leaderboard page from here.
Over the course of the competition, participants identified 84 issues across the following categories:
- High Risk: 2
- Medium Risk: 10
- Low Risk: 38
- Gas Optimizations: 0
- Informational: 34
High-severity findings were related to L1 transaction building and L2 deposit transaction handling by the sequencer, mainly about edge cases in UTXO selection and potential short-term memory exhaustion scenarios. All such issues have been fully resolved. The remaining significant findings largely involved stability and optimization aspects, including timeout configurations, transaction retry logic, and resource handling in the sequencer and prover systems. All have been resolved to enhance system robustness and performance.
All high and medium-severity issues, along with other significant findings, have been successfully resolved. Please refer to the public portfolio entry for the full auditing scope.
Clementine Bridge Public Audit Competition (August 11 - September 8)
The second public audit competition, also hosted by Cantina, focused on Clementine - Citrea’s BitVM-based bridge. Clementine bridge allows users to exit the rollup and get back their BTC into Bitcoin in a secure, scalable, verifiable and trust-minimized way. Clementine achieves this by combining BitVM2, ZK proofs, Citrea's Bitcoin light design, and Bitcoin as a data availability layer. 535 researchers participated in the Clementine public audit competition and the top 3 received the biggest bounty from the dedicated pot. You can see the full leaderboard page from here.
Participants identified 117 issues, mainly informational, distributed as follows:
- High Risk: 2
- Medium Risk: 3
- Low Risk: 16
- Gas Optimizations: 0
- Informational: 96
The high and medium risk issues were related to our state machine that triggers the sending of BitVM proofs and BitVM disprove transactions, where, in some edge cases, the state machine halts. We also received findings for our Bitcoin transaction sender module, where, during fee spikes, the transaction sender fails to bump fees.
The Citrea team successfully resolved all high and medium risk issues along with other significant findings. Please refer to the public portfolio entry for the full auditing scope.
The Next Step on the Road to Mainnet: Citrea Risc0-to-BitVM Trusted Setup Ceremony
Our next milestone is the Citrea Risc0-to-BitVM Trusted Setup Ceremony - an important event that ensures the cryptographic soundness of the systems underlying our Bitcoin bridge. This will be the first-ever trusted setup ceremony for ZK proofs used in a BitVM-based bridge, marking a new milestone not just for Citrea, but for Bitcoin scalability as a whole.
The ceremony will involve select participants from our partners and the broader ecosystem, each contributing to the creation of the cryptographic parameters that enable the ZK proofs powering Clementine. Although the ceremony will be conducted with a defined group, we’ll publish a guide to allow anyone to verify the results independently, maintaining the transparency that has guided every step of Citrea’s development.
The completion of this ceremony will finalize the cryptographic foundation required for the secure operation of Citrea’s bridge, one of the final steps before our Mainnet Launch.
Marching Towards Mainnet
As the audit phase concludes and the trusted setup ceremony begins, we’re entering the final stages of our journey toward mainnet.
Each milestone - from audits to the trusted setup ceremony to community testing - builds the foundation for what’s next:
- The first bridge verified by the Bitcoin network
- The first ZK rollup secured by Bitcoin
- The first wave of ₿apps bringing real utility, network usage, and liquidity back to the Bitcoin ecosystem
We’re getting ready to bring programmable Bitcoin to life.
Stay Connected
Follow along as we move into the next phase of our road to mainnet: