AuditHub: Veridise Unveils Continuous Security for Web3


In Brief
Veridise CEO Jon Stephens introduced AuditHub, a platform that turns smart contract and zero-knowledge security from a one-time audit into a continuous, automated, and adaptive process.

In an era where $350 million in smart contract exploits occurred in a single year — including attacks on projects that had already been audited — Veridise CEO Jon Stephens took the stage with a simple but urgent message: auditing alone is not enough.
Stephens’ keynote, “AuditHub — Continuous Security for Web3,” introduced a new platform that redefines how blockchain teams approach smart contract and zero-knowledge security — turning what was once a one-time audit into a continuous, automated, and adaptive process.
The Problem: Security Happens Too Late
Stephens began by outlining a familiar flaw in how Web3 projects are built.
“Security is often treated as the last step in the software lifecycle,” he said. “Teams plan, build, test, and only then — right before launch — think about security.”
That reactive approach, he explained, leaves projects exposed. Nearly one-third of the contracts exploited in 2024 had been audited, and many more suffered losses from “out-of-scope” code.
In one case, a single overlooked math library led to a $223 million exploit. “It’s not that the audits were bad,” Stephens said. “It’s that the process is broken. We only look at security at the end, when it’s already too late.”
The problem extends to zero-knowledge projects, which are becoming critical for privacy and scalability. Veridise’s internal study found that 55% of audited ZK projects had at least one critical vulnerability — twice as many as typical DeFi protocols.
Why Auditing Isn’t Enough
Stephens was candid about the limits of current solutions.
“Audits are great for finding bugs, but not for guaranteeing their absence.”
Traditional audits, he explained, are expensive, infrequent, and often constrained by scope. Meanwhile, AI-based auditing tools, while affordable and fast, lack reliability. “AI is great at spotting common patterns,” he said, “but it struggles with deep logic bugs — the ones that actually cause catastrophic failures.”
Static analysis, fuzzing, and formal verification tools exist, but they’re often difficult for developers to use and require specialized expertise. “Formal verification has a reputation problem,” he noted. “It’s seen as slow, complex, and inaccessible.”
The Solution: Continuous Security
To bridge these gaps, Stephens unveiled AuditHub, Veridise’s new all-in-one security platform designed specifically for Web3 projects.
“Our goal was to make high-assurance security tools as simple and seamless as a GitHub integration,” he said.
AuditHub integrates multiple Veridise tools — including Vanguard, OrCa, and Picus — covering both smart contracts and ZK circuits. The system uses static analysis, fuzzing, and formal verification in concert to provide continuous feedback throughout the entire development lifecycle.
The platform detects common vulnerabilities like reentrancy or non-deterministic ZK circuits — which accounted for most major exploits in 2024 — without requiring additional developer input.
Beyond that, it supports custom security configurations, allowing developers to tailor scans to their specific business logic. “We wanted to move away from generic analysis and let teams define what ‘safe’ means for their project,” Stephens explained.
Automation Meets Expert Oversight
One of AuditHub’s standout features is its guided issue triage system. Rather than forcing developers to sift through hundreds of false positives, it learns from their feedback — marking similar non-issues automatically.
“It’s security that learns as you go,” said Stephens. “You tell AuditHub once why something isn’t a bug, and it won’t bother you again about the same pattern.”
All tools operate within a unified framework, meaning developers don’t need to configure each one separately. The platform also integrates directly into CI/CD pipelines, enabling “security-as-you-deploy.”
“As you push code or open a pull request, AuditHub runs scans and returns results automatically,” Stephens said. “It’s proactive security, built into your workflow.”
Speed and Scale
AuditHub’s formal verification engine, Picus, has already demonstrated industry-leading performance. Stephens shared that it verified a RISC Zero ZK circuit in under eight minutes, a task that would typically take hours or even days.
“Speed matters,” he emphasized. “If security isn’t faster than your dev cycle, it won’t be used.”
By making advanced verification tools accessible and efficient, Veridise hopes to close the gap between rapid development and robust protection — a tension that has plagued Web3 since its inception.
A New Paradigm: Security from Day One
Stephens concluded by reframing security not as a final checkbox, but as a continuous loop.
“Security shouldn’t be a gate at the end — it should be a constant companion from the first line of code.”
With AuditHub, teams can now integrate security scans into early development, detect issues before they compound, and eliminate “out-of-scope” vulnerabilities altogether.
The result, he said, is a future where security evolves alongside innovation, not behind it.
“Auditing will always matter,” Stephens said. “But continuous assurance — automated, adaptive, and embedded — is how we secure Web3 at scale.”
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Victoria is a writer on a variety of technology topics including Web3.0, AI and cryptocurrencies. Her extensive experience allows her to write insightful articles for the wider audience.