Soroban smart contract auditing
Comprehensive security analysis of your Soroban smart contracts to identify vulnerabilities and provide clear guidance on how to remediate them.
Soroban smart contract auditing involves experienced security analysts manually examining your Rust- and WebAssembly-based contracts, supported by our in-house security tools to make vulnerability discovery more effective. The end result is a thorough audit report whose recommendations our team helps you implement.
TRUSTED BY:
Fraser Brown
Co-Founder & CTO of Cubist
Our key management platform is not trivial to audit: it requires expertise in security, cryptography, Rust, and more. The Veridise team did an extremely thorough job with the audit, which wasn’t surprising given their strong academic and industry background.
Andy Guzman
Product Owner at Semaphore, Privacy & Scaling Explorations Team, Ethereum Foundation
The Veridise team was extremely detailed, helpful and collaborative during the audit and formal verification, it was a joy working with them.
Ryan Fang
Co-Founder of Ankr
Veridise helped our protocols avoid very critical mistakes when other audit firms signed off and issued reports. As the regular retainer of Ankr, Veridise has done an amazing job.
Soroban audits
Soroban audits are one of our core competencies at Veridise. If you’re building on Soroban, we help teams understand its security model and audit risks early.
Historically, the Stellar network has been the straight man of the crypto world: excellent for payments and financials, without a general-purpose smart contract platform. That changed with the debut of Soroban, which brings expressive smart contract logic to Stellar’s fast and inexpensive rails.
Auditing Soroban contracts is fundamentally different from auditing EVM-based systems. Unlike many newer chains that replicate the Ethereum Virtual Machine, Soroban was built from scratch around Rust and WebAssembly. This was a wise strategic move: Rust is widely regarded as one of the safest languages for systems programming, a natural fit for a network that handles billions in global value, and compiling contracts to WebAssembly keeps them compact and fast to execute.
With Soroban, you get the speed of Stellar (five-second settlements) with the power of smart contracts. On the flip side, though, developers must learn a new framework, and do so without the extensive libraries and legacy code that one might have on hand with platforms like Ethereum. If you need a Soroban audit, it’s important to work with auditors who understand these differences in depth.
Soroban is brought to us by the Stellar Development Foundation, who emphasize that Soroban is a specialized tool for the real world, aimed at companies like MoneyGram or Circle that bridge the gap between traditional finance and blockchain. Soroban is well suited for teams that prioritize security, cost predictability, and production readiness from day one.
The Veridise edge: Why us?
Seasoned professionals
Veridise is composed of a team of seasoned security professionals, blending the latest research insights from academia with extensive industry expertise.
In-house tooling
In addition to rigorous human auditing, our industry-leading tools detect bugs that the human eye has a difficult time finding. This enhances the quality and effectiveness of our audits.
Confidentiality and ownership
Upon request, we uphold the confidentiality of the report, although many of our clients find value in publishing it. Additionally, our reports become fully yours upon completion of the audit, unlike with some other providers.
AuditHub access included. No extra setup
Access detection tool results instantly, collaborate directly with our auditors, and ensure your fixes are valid.
Veridise audit or traditional audit? See the difference
- Receive the audit report PDF upon completion
- Manual line-by-line code review
- Transparency across the entire audit process
- Track bug discoveries in real time
- Re-run security tools anytime
Compared: Veridise audit with AuditHub vs. traditional audit
Our Soroban audit process
1. Assessment
Our experts assess the scope of the audit: we review the source repository and set the key requirements to be verified.
2. Review
At the next step, our team formalizes key properties of your project and utilizes our proprietary analysis tools to check for common vulnerabilities and deeper logical bugs.
3. Report
At the end of the audit, we deliver a detailed audit report summarizing our findings and recommendations. Our reports include any uncovered vulnerabilities, their potential impact, and mitigation strategies.
4. Fixes &amp; Fix Review
Our clients’ teams fix discovered bugs and vulnerabilities. The Veridise team then verifies the new code to ensure it is secure.
5. Final Report
Once all bug fixes are verified, we issue a final audit report and it is up to our clients whether to make the final report public or not.
Soroban Core audited by Veridise
We audited Soroban Core in an engagement commissioned by the Stellar Development Foundation. The five-person review gave us first-hand insight into the platform’s security model and real-world risk surface—experience we bring directly into Soroban application audits.
Four Soroban-specific details you should know
1. Validate complex inputs (Vec&lt;T&gt; &amp; Map&lt;K,V&gt;)
Soroban passes container arguments to a contract as untyped host objects; the Vec&lt;T&gt; and Map&lt;K,V&gt; type parameters in a function signature are not enforced at the host boundary, and each element is only converted to its Rust type when it is read. Without explicit validation, a mistyped element can trap the invocation on access, or, worse, be written to storage so that every later read of that entry traps.
2. Design for fuzz testing, avoid bare panics
Soroban's fuzzing tooling treats a bare panic! (including unwrap and a failed assert) as a bug. Failing through panic_with_error! with a #[contracterror] enum lets the fuzzer distinguish expected rejections from real crashes, and writing logic a fuzzer can drive improves test coverage and surfaces edge cases before deployment.
3. Watch out for hidden dependency drift
contractimport! compiles the calling contract against a Wasm file on disk rather than against a Cargo dependency, so Cargo neither rebuilds nor version-checks it. Without an explicit dependency declaration, a stale artifact can be tested or deployed, giving the caller an outdated interface or behavior that differs from the test environment.
4. Manage unbounded storage carefully
Instance storage is loaded with the contract instance on every invocation, so an ever-growing instance entry raises the cost of every call and eventually hits the ledger entry size limit, a denial of service for the whole contract. Persistent storage does not share that coupling, but entries there still need a bounded design (for example one key per item rather than one growing list) so that no single entry can grow unchecked.
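As an added example that is not Veridise's code and not the Soroban SDK, here is a dependency-free Rust model of the host boundary covering points 1 and 2 together. `Val` stands in for the untyped host value, `Storage` for `env.storage()`, `ContractError` for a `#[contracterror]` enum and a returned `Err` for `panic_with_error!`; those names, the `MAX_RECIPIENTS` bound and the poisoned sample input are all constructed for this illustration. The naive path stores a `Vec<Address>` argument without looking inside it and then traps on every read; the checked path converts every element before the first write and fails with a typed error.

```rust
// Added illustration, not soroban_sdk code: a plain-Rust model of the host
// boundary. Val, Storage, ContractError and MAX_RECIPIENTS are constructed here.
use std::collections::HashMap;

/// Untyped host value, as a contract receives it across the host boundary.
#[derive(Clone, Debug, PartialEq)]
enum Val {
    U32(u32),
    Address(String),
    Vec(Vec<Val>),
}

/// Typed error returned instead of a bare panic (models a #[contracterror] enum).
/// A fuzzer can treat these as expected outcomes; an untyped panic reads as a crash.
#[derive(Debug, PartialEq)]
enum ContractError {
    InvalidRecipient = 1,
    TooManyRecipients = 2,
}

/// Element conversion: nothing guarantees that a "Vec<Address>" parameter
/// actually holds addresses until each element is converted like this.
fn val_to_address(v: &Val) -> Option<String> {
    match v {
        Val::Address(a) => Some(a.clone()),
        _ => None,
    }
}

const MAX_RECIPIENTS: usize = 16;

/// Key/value storage standing in for env.storage().persistent().
type Storage = HashMap<&'static str, Val>;

/// Naive version: stores the raw container without inspecting it.
/// The write succeeds; every later read of the entry traps.
fn set_recipients_naive(store: &mut Storage, recipients: Val) {
    store.insert("recipients", recipients);
}

/// Reads the stored list back, converting each element. On a poisoned entry this
/// panics on every invocation until the entry is overwritten.
fn read_recipients(store: &Storage) -> Vec<String> {
    match store.get("recipients") {
        Some(Val::Vec(items)) => items
            .iter()
            .map(|v| val_to_address(v).expect("ConversionError: element is not an Address"))
            .collect(),
        _ => Vec::new(),
    }
}

/// Hardened version: bound the length and convert every element before any
/// write, failing with a typed error rather than a panic.
fn set_recipients_checked(store: &mut Storage, recipients: Val) -> Result<usize, ContractError> {
    let items = match &recipients {
        Val::Vec(items) => items,
        _ => return Err(ContractError::InvalidRecipient),
    };
    if items.len() > MAX_RECIPIENTS {
        return Err(ContractError::TooManyRecipients);
    }
    let mut addrs = Vec::with_capacity(items.len());
    for v in items {
        addrs.push(val_to_address(v).ok_or(ContractError::InvalidRecipient)?);
    }
    let count = addrs.len();
    // Only now, with every element known to be valid, does storage change.
    store.insert("recipients", Val::Vec(addrs.into_iter().map(Val::Address).collect()));
    Ok(count)
}

/// Constructed input: a "Vec<Address>" argument whose second element is a u32.
fn poisoned_input() -> Val {
    Val::Vec(vec![
        Val::Address("alice".to_string()),
        Val::U32(42),
        Val::Address("bob".to_string()),
    ])
}

fn main() {
    let mut store = Storage::new();
    set_recipients_naive(&mut store, poisoned_input());
    // catch_unwind only keeps this demo running; on-chain the read simply traps.
    let naive_read = std::panic::catch_unwind(|| read_recipients(&store));
    println!("naive path: stored ok, read trapped = {}", naive_read.is_err());

    let mut store = Storage::new();
    println!("checked path: {:?}", set_recipients_checked(&mut store, poisoned_input()));
    println!("checked path left storage untouched = {}", store.is_empty());
}
```

On-chain, the trap in the naive path fails the invocation and rolls back that transaction, but the poisoned entry written earlier stays in the ledger until some other path overwrites it, so the function is effectively bricked. The checked path is the pattern to carry into a real contract: convert every element in Rust before the first storage write, and surface rejections through a `#[contracterror]` enum and `panic_with_error!` so fuzzers and callers can tell a rejected input from a genuine bug.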
Soroban resources
Veridise security analysts have written in-depth articles on Soroban security, based on our real audit findings and hands-on experience. Explore the resources below to learn more.
Soroban audit funding
The Soroban ecosystem provides financial support for security audits through initiatives such as the Soroban Security Audit Bank, funded by the Stellar Development Foundation (SDF). Veridise discussed how this program works in a fireside chat with Tomer Weller from SDF.
Explore our Soroban audit reports
Review our publicly available Soroban audit reports below.
| Protocol | Resource | Start Date | Company | Language(s) | Tag(s) |
|---|---|---|---|---|---|
| Verseprop: Verseprop | Report | Nov 2025 | Verseprop | Rust | Smart Contracts, Soroban, Rust, Token / ERC20, Privacy/Compliance, Soroban-SDK |
| RedStone: Stellar Connector | Report | Oct 2025 | RedStone | Rust | Smart Contracts, Stellar, Soroban, Rust, Radix |
| AhaLabs: Scaffold Registry | Report | Sep 2025 | AhaLabs | Rust | Smart Contracts, Soroban, Rust, Registry, Loam-SDK |
| Hot Dao: Hot Bridge | Report | Jul 2025 | HOT Dao | Rust | Smart Contracts, Relayer/Off-Chain backend Service, NEAR, Soroban, Rust, Bridge |
| Untangled Finance: Untangled Vault | Report | May 2025 | Untangled Finance | Rust, Typescript | Smart Contracts, Relayer/Off-Chain Backend Service, Soroban, Rust, Typescript, Price Oracle, Vault |
| PotLock: GrantPicks | Report | Jan 2025 | PotLock | Rust | Smart Contracts, Soroban, Rust |
| Zenith Protocols: OrbitCDP | Report | Dec 2024 | Orbit | Rust | Smart Contracts, Soroban, Lending |
| Wombat: Wombat-Exchange | Report | Sep 2024 | Wombat | Rust | Smart Contracts, Soroban, AMM |
| 57Blocks: Stellar Timelock Contract | Report | Jul 2024 | 57blocks | Rust | Smart Contracts, Soroban, Library/Infrastructure |
| Lydia Labs: HiYield | Report | Apr 2024 | Lydia Labs | Rust | Smart Contracts, Soroban, Lending |
| DeFi #55 | | Feb 2024 | | Rust | Relayer/Off-Chain Backend Service, Smart Contracts, AWS, Solidity, Soroban, ethers, Bridge, Cross-Chain |
| Moonbite: Phoenix DEX | Report | Jan 2024 | Moonbite GmbH | Rust | Smart Contracts, Soroban, AMM |
Not ready for an audit yet?
AuditHub platform
- Embed automated security checks directly into development progress
- Catch vulnerabilities early. Ship faster with confidence
- Get clean external audit reports. Save money on re-audits
Architecture review
- Early-stage review to identify critical design risks
- Focus security effort where it matters most before the audit phase
- Get a prioritized plan for architecture issues before you build on them
FAQs
Frequently asked questions
What is Soroban?
Soroban is a smart contract platform built on the Stellar network, designed to support complex application logic while maintaining Stellar’s focus on performance, predictable fees, and real-world financial use cases.
What is a Soroban smart contract?
A Soroban smart contract is a program written in Rust and compiled to WebAssembly (Wasm) that runs within Stellar’s execution environment. This enables programmable logic such as tokens, payments, and financial protocols.
What makes a Soroban security audit different from an EVM audit?
Soroban has a distinct execution, storage, and authorization model, introducing risks such as authorization context errors, TTL misuse, and host-boundary type issues that do not exist in EVM-based systems.
How does Veridise tailor audits specifically for Soroban?
Veridise tailors Soroban audits by focusing on the platform’s unique execution and security model, rather than applying generic EVM checklists. We review authorization boundaries, arithmetic and ledger-based time logic, storage and TTL assumptions, and host-boundary type safety.
Our team has audited a number of Soroban contracts and published best-practice guidance based on real audit findings.
When should teams get a Soroban audit?
Ideally before any deployment, whether a first launch or an upgrade. Systems that are already live should also be audited if they have not been.
How much does a Soroban audit cost?
Soroban audit pricing depends on code size (lines of code), contract complexity, and system architecture. We provide custom quotes after an initial scoping review. Some teams may be eligible for audit funding through the Soroban Security Audit Bank program.
Considering a Soroban audit?
Don’t leave your project’s security to chance.
Get verified by Veridise and secure your blockchain future.