Audits

Audit and security review coverage for cETH components.

Security reviews are an important part of the cETH development process. Because cETH spans Ethereum smart contracts, Canton-side components, and operational infrastructure, audit coverage is described by component.

Ethereum Smart Contracts

The cETH Ethereum-side smart contracts were reviewed by Consensys Diligence in April 2026.

The review covered the Ethereum mainnet contracts used by cETH, including the BridgeVault and BridgeRouter contracts. The audit focused on the lock/mint and burn/release bridge model, role separation, pause controls, replay protection, withdrawal limits, and related bridge configuration logic.

The public audit report is available here:

Consensys Diligence cETH Audit

Canton / DA Utility Components

On the Canton side, cETH uses Digital Asset Utility ("DA Utility") components.

Digital Asset has confirmed that the DA Utility components used by cETH are the same utility components that were reviewed by CertiK as part of the xReserve audit.

The CertiK xReserve DAML audit covered DAML smart contracts implementing xReserve workflows on Canton, including the Network Utilities layer. This layer provides foundational templates and models for roles, credentials, token behaviors such as mint, burn, and transfer, as well as auxiliary workflows such as token locking/unlocking and delivery-versus-payment-style allocations.

This should be understood as audit coverage of the reused DA Utility component set in the context of xReserve. It was not commissioned as a separate cETH-specific Canton-side audit.

CertiK xReserve DAML Audit - Executive Summary (PDF)

Scope and Limitations

Audits reduce implementation risk but do not eliminate all risks. Safe operation of cETH also depends on correct deployment, key management, multisig procedures, monitoring, and operational controls.