The ResupplyFi $9.6M bug shipped past an audit. AuditHub catches the class on every commit.
A custom static check flags the shape. A targeted fuzzer confirms the exploit. The combination is the part audits cannot run for you continuously.
The ResupplyFi check approved a $9.6M borrow against 1 wei of collateral. The exchange rate fed in was zero, and zero passed the LTV ceiling.
Veridise auditors treat oracle-fed arithmetic as a boundary problem.
Here are a few learnings from the audit: https://t.co/bfv5ol07az
Zero < any positive LTV ceiling. The check did exactly what it was written to do. That's what makes this a boundary problem. Busy writing a follow-up on how you catch it with a custom detector.
@VeridiseInc The hard part was never finding more bugs.
It was knowing when you'd found them all.
That's the question formal verification actually answers.
The next 60 ETHSecurity Badge holders have been selected using a new rubric updated by the applicants themselves!
Thank you to the people who chatted with the bot, your refinement of the rubric is the first DAO experiment we have tested.
And thank you to @bonfiresai for making amazing DAO tooling!
We're giving away 2 full-access passes to @EthCC in Cannes 30 March - 2 April
To enter:
1⃣ Follow @VeridiseInc
2⃣ Repost this post
Winner drawn on 28 March
Our partner @AuditHubDev will be at the booth running a security quiz
Stop by, test your knowledge, take home merch
Today we're launching AuditHub for Professional Audit Firms, the comprehensive platform!
Four integrated formal methods tools that handle routine vulnerability detection automatically, enabling audit firms to deliver mathematical guarantees that competitors cannot match.
🚀 @AuditHubDev is back — now purpose-built for blockchain security firms.
A full-stack audit platform that streamlines the audit lifecycle, built around how professional audit teams actually work
1/7
Security audits in Web3 are often slow, opaque, and hard to coordinate.
At DSS, @KFerles from @VeridiseInc presents AuditHub, a platform that automates repetitive tasks, improves transparency, and helps analysts and developers collaborate efficiently during security reviews.
The future Jon (@FormallyJon) outlined at Verifying Intelligence isn't theoretical: it's live.
AuditHub brings continuous ZK + DeFi security into your development workflow today.
One setup.
Always-on verification.
No "out of scope" blind spots.
This is what secure-by-default looks like. 🛡️
$350M lost to smart contract exploits in 2024. One-third were audited.
Point-in-time audits arrive too late. Bugs surface right before launch, when fixes cost the most.
Watch Veridise CEO Jon Stephens @FormallyJon explain why we built AuditHub!