Venture23: Aleo Oracle audit report
Project Information
CATEGORY
Bridge
NETWORK
Aleo
WEBSITE
https://www.venture23.io/
DESCRIPTION
From Aug. 4, 2025 to Sep. 3, 2025, Venture23 Inc. engaged Veridise to conduct a security assessment of their Aleo Oracle. The security assessment covered the off-chain logic of the Aleo Oracle spread across six repositories. The main components included an Intel SGX notarization service built on Gramine that attests to user queries, a verification service used to determine the validity of an Intel SGX or AWS nitro notarization and a SDK that can be used to interact with these services. Veridise conducted the assessment over 8 person-weeks, with 2 security analysts reviewing the project over 4 weeks. The review strategy involved a thorough code review of the program source code performed by Veridise security analysts.
Audit Report
SCOPE
The scope of this security assessment is limited to the following locations:
- https://github.com/venture23-aleo/aleo-utils-go
- /build.sh
- /optimize_wasm.sh
- /session.go
- /wrapper.go
- /cmd/*
- /src/*
- https://github.com/venture23-aleo/aleo-oracle-encoding
- /encoding.go
- /positionRecorder/recorder.go
- https://github.com/venture23-aleo/aleo-oracle-notarization-backend
- /cmd/server/main.go
- /internal/*
*EXCLUDING test.go
*EXCLUDING /internal/config/config.json
- https://github.com/venture23-aleo/oracle-verification-backend
- /main.go
- /nitro-build.sh
- /api/*
- /attestation/*
*EXCLUDING /attestation/decoding_test.go
*EXCLUDING /attestation/nitro/* - /config/config.go
- /contract/contract.go
- /pccs/setup.sh
- /u128/u128.go
- https://github.com/venture23-aleo/aleo-oracle-sdk-go
- /client.go
- /configs.go
- /defaults.go
- /dns.go
- /info.go
- /nooplogger.go
- /notarize.go
- /random.go
- /request.go
- https://github.com/venture23-aleo/aleo-oracle-sdk-js
- /src/*