Web3 wallets and integrations

Comprehensive security analysis of your Web3 wallet or a related integration (e.g. MetaMask Snaps) to identify vulnerabilities and recommend how to fix them.

Auditing involves trained professionals manually examining each line of your code and utilizing various in-house tools to support the discovery of vulnerabilities.

Trusted partner for several wallet integrations

Cubist is a platform that uses bank-grade hardware to manage the keys controlling digital assets. Veridise has audited various parts of Cubist’s codebase in a number of separate audits.

Mina is an L1 blockchain that uses recursive zero-knowledge proofs. Veridise has audited both the MINA protocol and MinPortal, a MetaMask Snap integration.

Web3 Antivirus detects crypto scams and warns you before you sign anything. Veridise has audited their MetaMask Snap integration.

Kadena is a scalable Layer-1 Proof-of-Work blockchain. Veridise audited Kadena’s Wallet Snap for key management.

What our wallet clients say

Fraser Brown

Co-Founder & CTO of Cubist

Our key management platform is not trivial to audit: it requires expertise in security, cryptography, Rust, and more. The Veridise team did an extremely thorough job with the audit, which wasn’t surprising given their strong academic and industry background.

Andy Guzman

Product Owner at Semaphore, Privacy & Scaling Explorations Team, Ethereum Foundation

The Veridise team was extremely detailed, helpful and collaborative during the audit and formal verification, it was a joy working with them.

The Veridise edge: Why us?

Seasoned professionals

Veridise is composed of a team of seasoned security professionals, blending the latest research insights from academia with extensive industry expertise.

In-house tooling

In addition to rigorous human auditing, our in-house tools detect bugs that the human eye has a difficult time finding. This enhances the quality and effectiveness of our audits.

Confidentiality and ownership

Upon request, we uphold the confidentiality of the report, although many of our clients find value in publishing it. Additionally, our reports become fully yours upon completion of the audit, unlike with some other providers.

Veridise’s edge: our in-house tools

Veridise combines professionals who manually review code with our in-house tools.

Our in-house tools enable Veridise to detect bugs that are difficult for the human eye to identify, leading to comprehensive audit reports. With Veridise, your codebase is in the hands of industry-leading detection methods.

OrCa

Specification-guided fuzzer

Vanguard

Static analysis tool for smart contracts and ZK circuits

Picus

Zero-Knowledge Proof auditing tool finding bugs in arithmetic circuits

Web3 wallet integrations: MetaMask Snaps

We have audited multiple MetaMask Snaps-related integrations.

A Snap is an extension that customizes the MetaMask wallet experience. You can create a Snap that adds new API methods, supports different blockchain protocols, or modifies existing functionalities.

Further reading on Veridise’s blog:

Our experience auditing MetaMask Snaps

MetaMask Snaps audits come with their own set of vulnerabilities.

In our previous MetaMask Snaps audits, we observed that the wallet

… does not show full transaction details when a user wants to send funds. A hacker could trick a user into giving away all of their ERC20 tokens.

We’ve also found that Snaps can be targeted with cross-site scripting or query injection vulnerabilities. For example, we encountered a vulnerability that allowed a phishing website to silently steal the account credentials of a user.

Audit process

1. Assessment

Our experts assess the scope of the audit: we check the source repository and set key requirements to be verified.

2. Review

At the next step, our team formalizes key properties of your project and utilizes our proprietary analysis tools to check for common vulnerabilities and deeper logical bugs.

3. Report

At the end of the audit, we deliver a detailed audit report summarizing our findings and recommendations. Our reports include any uncovered vulnerabilities, their potential impact, and mitigation strategies.

4. Fixes & Fixes Review

Our clients’ teams fix discovered bugs and vulnerabilities. The Veridise team then verifies the new code to ensure it is secure.

5. Final Report

Once all bug fixes are verified, we issue a final audit report and it is up to our clients whether to make the final report public or not.

Explore our audit reports

Veridise is the choice of industry leaders

We have audited some of the most critical protocols in the blockchain space, with billions of dollars in Total Value Locked.

Considering an audit?
Contact us today!