Industry-leading NFT audits

Comprehensive security analysis of your NFT smart contract to indentify vulnerabilities and recommendations how to fix them. Immerse yourself in the creative process while we fortify the security of your NFT assets.

The Veridise edge: Why us?

Seasoned professionals

Veridise is composed of a team of seasoned security professionals, blending the latest research insights from academia with extensive industry expertise.

In-house tooling

In addition to rigorous human auditing, our in-house tools detect bugs that the human eye has a difficult time finding. This enhances the quality and effectiveness of our audits.

Confidentiality and ownership

Upon request, we uphold the confidentiality of the report, although many of our clients find value in publishing it. Additionally, our reports become fully yours upon completion of the audit, unlike with some other providers.

Veridise’s edge: our in-house tools

Veridise combines professionals who manually review code with our in-house tools.

Our in-house tools enable Veridise to detect hard-to-find bugs that are difficult for the human eye to identify, leading to comprehensive audit reports. With Veridise, your codebase is in the hands of industry-leading detection methods.

OrCa

Specification-guided fuzzer

Vanguard

Static analysis tool for smart contracts and ZK circuits

Picus

Zero-Knowledge Proof auditing tool finding bugs in arithmetic circuits

Essential elements of NFT auditing

An NFT smart contract audit involves a careful examination of each line of code in a smart contract, uncovering vulnerabilities and providing recommendations to fix them. This process hardens the security of your NFT project.

An NFT auditing involves trained professionals manually examining the code and utilizing various in-house toolings to support discovering vulnerabilities.

NFTs are smart contracts, usually following a standard such as ERC-721 or ERC-1155 on Ethereum. It is crucial to review the contract’s adherence to these standards, in terms of e.g. transfers and auctions.

These standards come with their own set of attack vectors that need special focus. For example, the use of receiver hooks prevents lost tokens, but can easily introduce reentrancies when minting or transferring tokens. Batch operations need especially careful review to avoid reentrancy and DoS attacks.

Ownership validation is also critical with NFTs, ensuring the smart contract logic accurately updates the ownership transfers and verifies the authenticity of the asset. Potential marketplace integrations need to be carefully audited, as well as NFT releases and airdrops. Many NFT airdrops rely on signature validation, which can be prone to replays, or lead to theft if the interactions with NFT transfers lead to reentrancy.

The choice of standard itself is another important design point. Developers may take on extra code complexity by using ERC1155, but also save on gas if they intend to manage several different NFTs. These myriad of concerns all must be carefully considered from both a cost and security perspective when designing a protocol.

NFT audit process

1. Assessment

Our experts assess the scope of the audit: We check the source repository and set key requirements to be verified.

2. Review

At the next step, our team formalizes key properties of your project and utilizes our proprietary analysis tools to check for common vulnerabilities and deeper logical bugs.

3. Report

At the end of the audit, we deliver a detailed audit report summarizing our findings and recommendations. Our reports include any uncovered vulnerabilities, their potential impact, and mitigation strategies.

4. Fixes & Fixes Review

Our clients’ teams fix discovered bugs and vulnerabilities. The Veridise team then verifies the new code to ensure it is secure.

5. Final Report

Once all bug fixes are verified, we issue a final audit report and it is up to our clients whether to make the final report public or not.

Explore our audit reports

Veridise is the choice of industry leaders

We have audited some of the most critical protocols in the blockchain space, with billion of dollars in Total Value Locked