Security is at the core of everything we do at Zharta. Before going live with our peer-to-peer lending protocol for ERC20 tokens (Securitize integration), we ran a comprehensive security audit with Hexens.
What Was Reviewed
The audit covered the P2P lending contracts that power the Securitize integration: the core of how tokenized securities are used as collateral on Zharta. This includes borrower vault logic, bilateral deal execution, redemption flows, oracle-based LTV tracking, and liquidation mechanics specific to redeemable assets.
The contract surface includes six Vyper contracts: the vault (P2PLendingVaultSecuritize), base lending logic, ERC20 handling, liquidation, refinancing, and the Securitize proxy. We wanted external review specifically because the interaction between redemption state and liquidation logic introduced edge cases that are hard to catch through internal testing alone.
When selecting an auditor, we considered several factors. Hexens has been operating since 2021 and has completed 300+ engagements. They're the only tier-1 audit firm that has never had their audited code involved in a hack. They find critical or high-severity issues in over 90% of their audits, including in codebases previously reviewed by other firms.
Results
The audit identified 5 issues:
No critical vulnerabilities. The two high-severity findings could have led to loss of principal assets in specific liquidation scenarios involving redeemed loans. All 5 issues were addressed by our engineering team and verified by Hexens.
The full report is available here:
- [Hexens Audit Report, February 2026]
