Blockchain architecture reviews
An architecture review is a high-level security review that identifies critical risks before an audit to save time and money by left-shifting security.
Our analysts model your system, review intended behavior and existing threat mitigations, then threat model the highest-impact areas. You get a prioritized plan to address architecture-level risks before your code reaches production. Avoid costly audit-phase refactors and ship faster with confidence.
TRUSTED BY:


Veridise was engaged by Seismic to review the architecture of their privacy-enabled blockchain. We identified key vulnerabilities and delivered actionable recommendations across Seismic’s novel consensus algorithm, trusted hardware integration, and confidential smart contract execution. Veridise supported the Seismic team in building a stronger foundation for confidential applications.
What is architecture review?
The Veridise difference: Why us?
Seasoned professionals
Veridise is composed of a team of seasoned security professionals, blending the latest research insights from academia with extensive industry expertise.
In-house tooling
In addition to rigorous human auditing, our in-house tools detect bugs that the human eye has a difficult time finding. This enhances the quality and effectiveness of our audits.
Confidentiality and ownership
Upon request, we uphold the confidentiality of the report, although many of our clients find value in publishing it. Additionally, our reports become fully yours upon completion of the audit, unlike with some other providers.
Veridise’s edge: our in-house security tools
Veridise combines professionals who manually review code with our in-house tools.
With Veridise, your codebase is in the hands of industry-leading detection methods.
OrCa
Specification-guided fuzzer
Vanguard
Static analysis tool for smart contracts and ZK circuits
Picus
Zero-Knowledge Proof auditing tool finding bugs in arithmetic circuits
Special considerations with architecture review
An architecture review is a high-level security review that helps you understand the threats in each part of your system and prioritize what to secure first. It’s designed for situations where the system is too large, complex, or rapidly changing for line-by-line review to be the most effective first step.
Many blockchain systems are not small, self-contained codebases. They are large, multi-component projects spanning multiple languages, platforms, and operational environments. They need to be resilient to attacks while remaining highly available. In these settings, a purely line-by-line approach takes more time and reaches lower coverage. There is too much surface area for a reviewer to reason about with the same confidence you might get when reviewing a small, tightly scoped codebase.
Instead, an architecture review starts by building a clear understanding of the system’s purpose and intent at a high level. Veridise analysts work with your team to understand what the system is supposed to do, what guarantees you want it to provide, and how you expect different users to interact with it. From there, the review identifies the major components and workflows that matter most, and assesses them with a security mindset.
Veridise analysts then threat model the system — mapping threats to mitigations. They analyze the mitigations you already put in place, and then extend that analysis by identifying additional weaknesses that could realistically affect it.
The review focuses on prioritization. It helps you decide what security technique fits each part of the system. Some components may be highly critical or have difficult specifications and still benefit from deeper manual review. Other parts may be more effectively addressed through testing approaches while the code is still evolving—especially in areas where scale or instability makes a traditional audit-style approach inefficient. In other cases, parts of the system may be readily fuzzable and benefit from that style of testing rather than extensive manual effort.
Architecture reviews also have a practical impact on cost and time. The review focuses on what is faster to understand—high-level purpose and intent—while still producing security value. It uses that understanding to drive scoping decisions. It reuses effort that would normally happen at the start of an audit anyway (understanding workflows, building context, threat modeling), but does it in a way that prevents committing to an audit scope too early—before anyone truly understands which parts are most critical. With an architecture review first, you can collaborate to define audit scope based on real risk, rather than guessing in advance. This reduces wasted effort without sacrificing security: you concentrate deeper review where it matters most.
Finally, architecture reviews function as an independent security rationale for stakeholders. When someone asks how you know your system is secure—or how you’re allocating limited time and budget—you can point to a structured review that explains the risks, the mitigations, and the rationale behind where you’re investing security effort.
Our architecture review process
1. System overview & goals
We work with your team to understand what the system is supposed to do, how it is used, and which guarantees it is expected to provide to its users.
2. Component mapping
We map the system into manageable components and workflows so each part can be reasoned about clearly from a security perspective.
3. Threat modeling
The most important step. Our analysts review existing mitigations and independently threat model the system to identify potential weaknesses and realistic attack paths.
4. Security prioritization
Based on risk and criticality, we determine which components require deeper manual review and which are better suited for testing or fuzzing.
5. Security roadmap
You receive a prioritized security plan that helps guide development, testing, and audit scope while making efficient use of time and budget.
Case Study: Seismic
Veridise performed an architecture review of the entire Seismic Network, identifying core risks related to privacy and consensus in this private blockchain built on top of trusted hardware.
Read the Seismic case study
The challenge: A privacy-enabled blockchain extending the EVM
Seismic Network is pioneering a privacy-enabled blockchain extending the EVM, leveraging trusted hardware (Intel TDX) to enhance security and confidentiality. As Seismic moved towards a production-ready state, they recognized the critical need for an independent and thorough assessment of their architecture to identify potential vulnerabilities and ensure long-term resilience against sophisticated attacks. The complexity of integrating trusted hardware, a novel consensus algorithm, and confidential smart contract execution presented significant challenges requiring expert scrutiny.
What Veridise did
Veridise was engaged to conduct a comprehensive architecture review of the Seismic Network, focusing on its core components. Our team of experienced security analysts delivered a rigorous assessment, meticulously examining project documentation and key code repositories.
Our approach involved:
- Deep code analysis: We performed a manual review of the Seismic codebases, including forked repositories and original components.
- Threat modeling & attack vector identification: Our analysts identified several potential attack vectors, with particular focus on the novel Simplex consensus algorithm and private fork vulnerabilities. We highlighted concerns regarding hardware compromise, communication boundary security, and long-lived secret management.
- Comprehensive documentation review: We thoroughly reviewed Seismic’s documentation, including security models and user guides for seismic-solidity, to gain a complete understanding of the system’s design and intended operation.
- Regular collaboration: We maintained consistent communication with the Seismic development team. We engaged in collaborative discussions and sought clarification to ensure a shared understanding of potential risks.
Results and impact
Veridise’s architecture review provided Seismic Network with invaluable insights into their system’s security posture. Our findings, detailed in a comprehensive report, highlighted several key areas for improvement and mitigation:
- Enhanced security posture: The review identified critical vulnerabilities in the pre-production system, allowing Seismic to proactively address them and strengthen their defenses against potential attacks.
- Improved consensus algorithm security: Our team provided Seismic with actionable recommendations to enhance the guarantees provided by its consensus algorithm.
- Strengthened privacy guarantees: We helped Seismic refine their approach to managing private keys and secrets within the trusted hardware environment, minimizing the risk of data exposure.
- Roadmap for future development: Our recommendations included a phased approach to network hardening, starting with a whitelisted validator set and progressing towards more robust security measures like hardware-attested P2P connections. We also suggested formal modeling and rigorous testing strategies to ensure long-term security and reliability.
By partnering with Veridise, Seismic Network gained a deeper understanding of their architecture’s strengths and weaknesses. This enabled Seismic to build a more secure and trustworthy privacy-enabled blockchain platform, and demonstrates their proactive commitment to building a secure solution for confidential smart contract execution.
Veridise’s academic work on blockchain security
By engaging Veridise for your architecture review, you’ll work with industry-leading experts who bring together years of academic research in blockchain security and hands-on experience auditing some of the industry’s most critical protocols.








Veridise is the choice of industry leaders
We have audited some of the most critical protocols in the blockchain space, with billions of dollars in Total Value Locked.
Considering an architecture review?
Secure your design before development.
Get an architecture review from Veridise experts.