Log inOpen app
Veridise
2,227 posts
user avatar
Veridise
@VeridiseInc
Hardening blockchain security with Formal Methods — Industry-leading security audits and tools for smart contracts, blockchain, and zero-knowledge.
Austin
veridise.com
Joined March 2022
522
Following
4,816
Followers
user avatar
@VeridiseInc

See Veridise’s full profile

Open X

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • user avatar
    Veridise
    @VeridiseInc
    Jul 8
    Move type-checks resources at runtime. That's the whole safety pitch. A stale-cache path let the Aptos VM read one resource as another. Patched fast, no funds moved. That bug class slips under the contract audit. Clean code can't save you when the runtime breaks its own rules.
    1
    4
    278
    user avatar
    Veridise
    @VeridiseInc
    Jul 8
    Full disclosure writeup:
    Hacker facing screens with lines of code (Boitumelo/Unsplash)
    How white hat hackers with a $3,000 server found a flaw that could've put $70 billion in crypto at...
    From coindesk.com
    71
  • Veridise reposted
    user avatar
    Kostas Ferles
    @KFerles
    Jul 8
    Excited for a ZK-centric Ethereum :) Quantum safety and privacy mean new circuits everywhere. Cannot wait to apply our tools on new cutting edge code.
    Ethereum 'Reinventing Itself' With Biggest Overhaul Since the Merge: Vitalik Buterin - Decrypt
    From decrypt.co
    1
    7
    200
  • user avatar
    Veridise
    @VeridiseInc
    Jul 8
    A patch removes the bug you found. It says nothing about the ones you didn't. Zcash caught a counterfeit flaw in Orchard last month. But shielded pools hide amounts, so they can't prove it was never exploited. Project Tachyon is now going for the proof.
    2
    4
    220
    user avatar
    Veridise
    @VeridiseInc
    Jul 8
    Details on the verification effort:
    Missing lines in the Orchard circuit code, and the corresponding missing transpositions among the permutation-polynomial coefficients.
    Detecting Counterfeiting after Zcash's Ironwood — Project Tachyon
    From tachyon.z.cash
    2
    50
  • Veridise reposted
    user avatar
    AuditHub
    @AuditHubDev
    Jul 6
    "Check that the vault can't be paused by a non-admin." Type that into Claude Code or Codex. The agent turns it into a [V] spec, runs OrCa, and hands back the exact transactions that break it, if any do. That's the AuditHub MCP server.
    1
    1
    2
    162
  • user avatar
    Veridise
    @VeridiseInc
    Jul 6
    For years ZK circuit correctness sat at the app layer. Lean Ethereum moves it to L1: enshrined STARKs, privacy built on formal verification. At consensus level, the tolerance for an underconstrained circuit is zero.
    1
    1
    4
    307
    user avatar
    Veridise
    @VeridiseInc
    Jul 6
    Ethereum 'Reinventing Itself' With Biggest Overhaul Since the Merge: Vitalik Buterin - Decrypt
    From decrypt.co
    88
  • Veridise reposted
    user avatar
    Veridise
    @VeridiseInc
    Jul 3
    Formal methods work. They just never fit inside a real dev workflow, until now. With AuditHub now running inside agents like Claude Code, Veridise closed that gap. Our clients get top tier verification without changing how they build.
    user avatar
    AuditHub
    @AuditHubDev
    Jul 3
    AuditHub now runs inside your AI agent. 🧵
    3
    1
    5
    387
  • user avatar
    Veridise
    @VeridiseInc
    Jul 3
    Formal methods work. They just never fit inside a real dev workflow, until now. With AuditHub now running inside agents like Claude Code, Veridise closed that gap. Our clients get top tier verification without changing how they build.
    user avatar
    AuditHub
    @AuditHubDev
    Jul 3
    AuditHub now runs inside your AI agent. 🧵
    3
    1
    5
    387
  • user avatar
    Veridise
    @VeridiseInc
    Jul 3
    The IMF's tokenization warning is a security argument in disguise. Settlement goes from days to seconds. The delay that disappears was the buffer where problems got caught before spreading. Remove it, and a single logic flaw propagates before anyone can intervene. Risk stops
    2
    6
    262
    user avatar
    Veridise
    @VeridiseInc
    Jul 3
    Blockchain (Shubham Dhage/Unsplash)
    Tokenization could make finance faster but also more prone to sudden shocks, IMF warns
    From coindesk.com
    2
    76
  • Veridise reposted
    user avatar
    Kostas Ferles
    @KFerles
    Jun 26
    You asked and we delivered. AuditHub is entering the AI world. AuditHub now has an MCP server: github.com/Veridise/audit…. More updates to follow!
    GitHub - Veridise/audithub-mcp: Connect AI agents to AuditHub’s blockchain security tools. Launch...
    From github.com
    5
    5
    15
    1K
  • user avatar
    Veridise
    @VeridiseInc
    Jul 1
    One founder. 80% of the vote. The Security Council renewal fails. ENS is a reminder: governance concentration isn't a theoretical risk in DeFi protocols. It's a design choice with consequences.
    1
    1
    4
    354
    user avatar
    Veridise
    @VeridiseInc
    Jul 1
    ENS co-founder Nick Johnson blocks Security Council renewal with 80% of votes
    From theblock.co
    1
    137
  • user avatar
    Veridise
    @VeridiseInc
    Jul 1
    Ahead of the @zksync Airbender V2 prover upgrade, @the_matter_labs brought us in to build the tools that formally verify their circuits. Not "we ran the tests and they passed." Mathematical proof that a whole class of soundness bug isn't there.
    3
    1
    22
    15K
    user avatar
    Veridise
    @VeridiseInc
    Jul 1
    How we did it:
    ZKsync Airbender Security: Formal Verification with Picus
    From veridise.com
    4
    235
  • user avatar
    Veridise
    @VeridiseInc
    Jun 29
    SuperRare's reward contract checked who could update its Merkle root. The check used != instead of ==, so every caller passed it. That let any address rewrite the root and drain $730K. A check being present is not a check that works.
    2
    3
    12
    670
    user avatar
    Veridise
    @VeridiseInc
    Jun 29
    @FormallyJon on how a senior auditor catches inverted access control before it ships:
    Smart contract access control: the SuperRare $730K bug | Smart contract audits from Veridise
    From veridise.com
    3
    152
  • user avatar
    Veridise
    @VeridiseInc
    Jun 29
    Frontend supply chain attacks follow the same logic every time. Contracts stay intact. The delivery layer gets weaponized. A malicious script slips in through a third-party dependency and reroutes user funds. Roughly $3M this time, per on-chain analysts.
    2
    1
    5
    375
    user avatar
    Veridise
    @VeridiseInc
    Jun 29
    Polymarket Confirms $3 Million Loss From Third-Party Front-End Supply-Chain Breach
    thedefiant.io
    Polymarket Confirms $3 Million Loss From Third-Party Front-End Supply-Chain Breach
    Polymarket confirmed a $3M front-end supply-chain breach via a compromised third-party vendor, pledging full refunds to affected users.
    1
    99