Publications

At Veridise, we combine cutting-edge academic research with the latest industry experience.

Along with our extensive experience auditing key blockchain infrastructure protocols, smart contracts, and zero-knowledge implementations, many of our team members have academic research backgrounds.

Here you can find featured publications conducted by our team members.

Publications in smart contract security

Our academic work centers on advanced vulnerability detection tools, utilizing research advancements in our tools, such as Vanguard (a static analyzer) and OrCa (an oracle-guided fuzzer).

This paper was one of the first papers to introduce fully automated formal verification for smart contracts, aiming to ensure the correctness of smart contracts within Microsoft’s Azure Blockchain Workbench.

Veridise authors: Isil Dillig, Kostas Ferles

Published in: Verified Software: Theories, Tools, Experiments (VSTTE)

The paper addresses the challenge of analyzing loops in Solidity smart contracts, which are more common than previously thought, occurring in about one in five contracts. The authors study over 20,000 Solidity contracts deployed on the Ethereum blockchain.

Veridise authors: Benjamin Mariano, Isil Dillig

Published in: CAV 2024 Computer Aided Verification conference

This paper aims to prevent arithmetic overflow and underflow in Solidity smart contracts. The paper introduces SolType, a refinement type system that allows developers to annotate contracts to prove the safety of arithmetic operations.

Veridise authors: Bryan Tan, Benjamin Mariano, Işil Dillig

Published in: Principles of Programming Languages (POPL)

This paper tackles the problem of optimizing gas usage in Ethereum smart contracts by automatically refactoring data layouts. This is important because executing smart contracts on Ethereum costs gas, which is tied to real-world currency.

Veridise authors: Işil Dillig

Published in: Object-oriented Programming, Systems, Languages and Applications (OOPSLA)

The SmartPulse paper can be seen as the foundational work that kickstarted Veridise. Its novel methods for checking the liveness properties of smart contracts generated significant interest among blockchain security experts, prompting the early team to establish Veridise.

Veridise authors: Jon Stephens, Kostas Ferles, Benjamin Mariano, Işil Dillig

Published in: IEEE Symposium on Security and Privacy (Oakland)

Publications in zero-knowledge proof security

The advancements in our academic research on zero-knowledge security are directly integrated into our in-house ZK vulnerability detection tools: Picus and ZK Vanguard.

This research paper aims to improve the scalability of solvers used in the automated verification of cryptosystems by addressing the inefficiencies of previous solvers that build a full Gröbner basis (GB) for systems of field equations.

Authors: Alex Ozdemir, Shankara Pailoor, Alp Bassa, Kostas Ferles, Işil Dillig

Published in: CAV 2024 Computer Aided Verification conference

This research paper presents a lightweight technique for detecting vulnerabilities in zero-knowledge proof circuits, focusing on those written in Circom, a popular domain-specific language (DSL). The paper introduces a static analysis framework that uses a new program abstraction called Circuit Dependence Graph (CDG) to capture key properties of the circuit.

Authors: Jon Stephens, Kostas Ferles, Shankara Pailoor, Işil Dillig

Published in: USENIX Security Conference

This research paper addresses the issue of underconstrained arithmetic circuits in zero-knowledge proofs, which can lead to security vulnerabilities. These circuits, generated by domain-specific languages (DSLs) like Circom, can admit multiple witnesses for a given input, enabling malicious parties to create bogus proofs.

Authors: Shankara Pailoor, Jacob Van Gaffen, Işil Dillig

Published in: Academic Paper PLDI 2023

The paper addresses the challenge of verifying the correctness of zero-knowledge (ZK) proof systems, which are essential for secure applications like privacy-preserving apps and Layer 2 scaling solutions (ZK-Rollups).

Authors: Bryan Tan, Işıl Dillig

Published in: IEEE Security & Privacy Conference Oakland Security

Key takeaways from our research publications

Not in the mood to read the full papers?
We’ve got you covered—check out the summaries in these two blog posts!

Considering an audit?
Contact us today!