Blockchain bug detection tools
Veridise combines professionals manually reviewing the code with our in-house tools.
We continuously develop and improve our in-house blockchain bug detection tools. These security tools improve the quality of our audits and reveal bugs that are difficult for the human eye to find.
Our tools enable Veridise to provide comprehensive findings and detect hard-to-find bugs and vulnerabilities.
With Veridise, you can rest assured your codebase is in the hands of an experienced team employing industry-leading detection methods.
Learn more about each blockchain security tool below
Vanguard
Static analysis tool for smart contracts
Vanguard is static code analyzer developed by Veridise. It’s designed to automatically find bugs in smart contract code deeply and efficiently.
Integrated into AuditHub, Vanguard static code analyze helps developers get detailed reports about vulnerabilities in their Solidity projects. We’ve especially optimized Vanguard to minimize false alarms, so developers can focus on the bugs that matter to them.
OrCa
Specification-guided fuzzer
OrCa is a specification-guided fuzzer, a type of automated testing tool which discovers bugs by generating and running thousands of pseudo-random inputs against a target application.
OrCa allows users to write concise but expressive temporal specifications that express properties of a blockchain protocol over time.
With OrCa, you can catch more bugs more quickly – and focus on what really matters: your core project.
ZK Vanguard
Static analysis tool for zero-knowledge circuits
ZK Vanguard is our static analysis tool for finding common vulnerabilities in smart contracts and ZK circuit source code.
By reading just the source code, Vanguard can quickly and accurately identify smart contract security vulnerabilities like reentrancy bugs and flashloan vulnerabilities. It is also capable of identifying subtle and potentially disastrous vulnerabilities in ZK circuits – underconstrained signals, nondeterministic dataflow and much more.
Put simply, Vanguard quickly and efficiently “proofreads” checks your code for errors so when it’s time to deploy, you can do it with peace of mind.
Picus
Formal verification tool for ZK circuit determinism
Picus is a tool we developed to check the uniqueness property (under-constrained signals) of zero-knowledge proof circuits.
It is based on the research paper Automated Detection of Under-Constrained Circuits in Zero-Knowledge Proofs (PLDI 2023).
Picus currently supports Circom, R1CS, and gnark, with an open-source version available for R1CS.
Other frameworks and languages
The [V] specification language
[V] is a declarative specification language for communicating tests/properties
Our team has created the [V] specification language. With it, developers can easily provide specifications for formal security analysis in a mathematically precise way.
[V] is a powerful language that provides you with multiple tools to express the properties you care about. With it, you can concisely express many types of correctness and security requirements that you care about.
LLZK
LLZK is intermediate representation (IR) for zero-knowledge languages
LLZK aims to unify the fragmented landscape of ZK development by providing a modular, extensible, and verifiable IR layer that bridges the gap between circuit DSLs and proving backends.
LLZK is fully open-source and supported by a grant from the Ethereum Foundation.
Featured blog posts
Learn more about our in-house tools and how we improve the quality of audits with them.
5 min read
Explore Veridise Github
Some of our tools—such as Picus, which detects bugs in ZK circuits—have open-source versions. Explore our repositories below.
