AI + крипто3 мин. чтения

VeridionLabs Launches Open-Source AI Smart Contract Audit Platform with Blockchain Verification

VeridionLabs has introduced an open-source platform for smart contract auditing that combines AI analysis, modular vulnerability scanning, and blockchain verification via Stellar Soroban.

VeridionLabs Launches Open-Source AI Smart Contract Audit Platform with Blockchain Verification
Illustration showing AI interacting with smart contracts on blockchain.

Veridion is an open-source security audit platform for smart contracts developed by VeridionLabs. It combines static analysis, an AI assistant for vulnerability explanations, and blockchain verification via Stellar Soroban. Designed for DeFi protocol developers and auditors, it automates code checks for 50+ vulnerability types with expandable plugin support.

At a glance: Key facts

  • Launched June 12, 2024 as open-source software
  • Detects 50+ vulnerability types through modular plugin architecture
  • AI layer supports OpenAI and Anthropic for generating explanations and fixes
  • All audit results are immutably recorded on Stellar Soroban blockchain
  • Built with modern stack: Next.js 14, NestJS, Prisma and Turborepo
  • Requires Node.js ≥20, pnpm ≥9 and Docker to run
  • Enterprise-ready with RBAC and JWT authentication
  • Includes multi-format report generator (PDF/HTML/Markdown/JSON)

Architecture and tech stack

Veridion uses a monorepo structure with clearly separated modules. Frontend runs on Next.js 14 with shadcn/ui, backend on NestJS with Prisma and PostgreSQL. Blockchain integration implemented via Stellar Soroban in Rust.

Core components:

  • scanner-core: Plugin-based scanning engine
  • ai-engine: Unified interface for AI providers
  • report-generator: Multi-format reporting system
  • contracts/: Soroban verification smart contracts
  • auth/: JWT/RBAC authentication module
  • parser/: Intelligent smart contract code parser

Performance and scaling

Turborepo improves build speeds by 40% versus traditional approaches. Redis and BullMQ enable processing up to 1,000 audits per hour in clustered configurations.

How Veridion's audit process works

The platform conducts three-stage verification: static code analysis, AI risk assessment, and blockchain recording. The scanner uses 50+ built-in security rules expandable via plugins.

Audit workflow:

  1. Upload smart contract code (direct GitHub/GitLab import supported)
  2. Parallel security module scanning
  3. AI analysis of vulnerability severity and exploit likelihood
  4. Report generation with remediation examples
  5. Audit hash recording on Stellar Soroban with timestamp/digital signature

Detectable vulnerabilities include:

  • Reentrancy attacks
  • Integer overflow/underflow
  • Unsafe delegatecall usage
  • Oracle manipulation
  • Gas limit mishandling
  • Transaction frontrunning

Competitive comparison

Feature Veridion Slither MythX
Open-source Yes Yes No
AI analysis Yes No Partial
Blockchain verification Stellar Soroban None None
Plugin support Yes Limited No
Language support Solidity, Rust Solidity only Solidity, Vyper
Enterprise features RBAC, SSO None Premium version

Getting started

Local deployment requires Node.js 20+, pnpm 9+ and Docker. Infrastructure starts with a single docker-compose command after cloning the repo.

Setup steps:

  1. git clone https://github.com/veridion/veridion.git
  2. pnpm install
  3. docker compose up -d postgres redis
  4. pnpm db:migrate
  5. pnpm dev

Production recommendations

  • Configure PostgreSQL clustering with replication
  • Use Redis Sentinel for failover protection
  • Enable API rate limiting
  • Implement Prometheus/Grafana monitoring

Questions & answers

Which smart contract languages does Veridion support?

Currently supports Solidity and Rust (for Soroban). Additional languages can be added via plugins.

How does blockchain verification work on Stellar Soroban?

Veridion records report hashes and audit metadata in Soroban smart contracts, ensuring immutability. Each entry contains:

  • SHA-256 report hash
  • Auditor's digital signature
  • Timestamps
  • Scanner version ID

Can Veridion be used commercially?

Yes, under MIT license with no restrictions. Enterprise options include:

  • SSO integration (OAuth2/SAML)
  • CI/CD pipeline compatibility
  • Custom audit rules

Which AI providers are supported?

Currently integrates with OpenAI and Anthropic via unified API. Planned future support for:

  • Llama 3
  • Claude Opus
  • Local models via Ollama

How does Veridion handle false positives?

Uses multi-layer validation:

  1. Cross-checked static analysis
  2. AI contextual verification
  3. Manual confirmation options
  4. Feedback system to improve detection