As the Zcash ecosystem Security Lead, Zcash Community Grants (ZCG) requested that we perform a security audit of the Kotlin and Swift Payment URI Prototypes, a library for processing Zcash Payment URIs, as defined in ZIP-321. The core functionality of this library, which is implemented in Kotlin for Android and in Swift for iOS, is to construct and parse payment request URIs, enabling users to express payment intents in a standardized format. This format can be recognized by wallets and other applications within the Zcash ecosystem, facilitating transactions through links or QR codes.
Our final audit report was completed on June 11, 2025.
To read the full report, including our findings, click here: