L1/L2 blockchain audits
Comprehensive security analysis of your blockchain implementation to identify vulnerabilities and guidance how to fix them.
Secure your ecosystem with a Veridise audit and create a trusted foundation for dapp developers to build with confidence.
Veridise is trusted by the following L1/L2 blockchains
Linea engaged Veridise to audit their entire zkVM, which included an in-depth review of their 800 pages of documentation.
Mina Foundation engaged Veridise to review their Fungible Token Standard, and later Mina NFT standard. o1Labs (company behind Mina) has also engaged Veridise to audit their ZK-DSL and CLI for deploying ZK apps on Mina.
Stellar Foundation engaged us to audit the implementation of the Soroban smart contract language on top of the Stellar blockchain infrastructure.
Scroll engaged us to audit constraint-related code in the Scroll ZK-EVM.
Florian Kluge
Engineering Team Lead at o1Labs
Veridise did an excellent job auditing the o1js codebase. It’s not easy, given the complexity of the different programming languages, data flows, and how everything works together. Veridise really understands the internal workings. Amazing work!
Olivier Bégassat
Arithmetization Lead at Linea
I was surprised by the thoroughness of the audits and the really meticulous attention to detail. I initially thought the project would be impossible due to its size (800 pages of docs), and I’m really glad Veridise successfully completed it. It was a pleasure working with Veridise.
Get audit-ready: How to prepare for an L1/L2 blockchain security audit?
The Veridise edge: Why us?
Seasoned professionals
Veridise is composed of a team of seasoned security professionals, blending the latest research insights from academia with extensive industry expertise.
In-house tooling
In addition to rigorous human auditing, our in-house tools detect bugs that the human eye has a difficult time finding. This enhances the quality and effectiveness of our audits.
Confidentiality and ownership
Upon request, we uphold the confidentiality of the report, although many of our clients find value in publishing it. Additionally, our reports become fully yours upon completion of the audit, unlike with some other providers.
Veridise’s edge: our in-house tools
Veridise combines professionals who manually review code with our in-house tools.
Our in-house tools enable Veridise to detect hard-to-find bugs that are difficult for the human eye to identify, leading to comprehensive audit reports. With Veridise, your codebase is in the hands of industry-leading detection methods.
OrCa
Specification-guided fuzzer
Vanguard
Static analysis tool for smart contracts and ZK circuits
Picus
Zero-Knowledge Proof auditing tool finding bugs in arithmetic circuits
Special considerations with L1/L2 blockchains
L1/L2 blockchain implementations are complex sets of software.
L1 blockchain audits consist of e.g. scrutiny of validator selection, stake
Read more
… delegation, and slashing conditions. It’s critical to assess how the consensus algorithm withstands various attack vectors, such as double-spending and sybil attacks.
State transition functions are also critical. This includes validating the integrity of transaction execution, data availability, and state finality. In L2 rollups the mechanism for posting transaction data and state proofs back to the main chain is critical component to review.
The economic model and incentive structures are also important areas. This includes evaluating block rewards, transaction fees, staking incentives, and penalty mechanisms. For example, it’s essential to ensure economic incentives are sufficient to encourage honest participation and deter malicious activity.
Auditing process
1. Assessment
Our experts assess the scope of the audit: We check the source repository and set key requirements to be verified.
2. Review
At the next step, our team formalizes key properties of your project and utilizes our proprietary analysis tools to check for common vulnerabilities and deeper logical bugs.
3. Report
At the end of the audit, we deliver a detailed audit report summarizing our findings and recommendations. Our reports include any uncovered vulnerabilities, their potential impact, and mitigation strategies.
4. Fixes & Fixes Review
Our clients’ teams fix discovered bugs and vulnerabilities. The Veridise team then verifies the new code to ensure it is secure.
5. Final Report
Once all bug fixes are verified, we issue a final audit report and it is up to our clients whether to make the final report public or not.
Explore our L1/L2 audit reports
Veridise is the choice of industry leaders
We have audited some of the most critical protocols in the blockchain space, with billion of dollars in Total Value Locked
