Jon Stephens

57 posts

Jon Stephens

@FormallyJon

CEO at @VeridiseInc and PhD student at UT Austin. I specialize in building practical tools to discover security vulnerabilities in code using formal methods.

Katılım Nisan 2022

37 Takip Edilen393 Takipçiler

Jon Stephens@FormallyJon·13 Oca

When we first started auditing Aleo, records were one of the language constructs that required the most time to learn. Mark does a great job here explaining how records work and soon will explain how their use can go wrong

Veridise@VeridiseInc

🔐 How does private state actually work in @AleoHQ? In our latest blog, @VeridiseInc security analyst Mark Anthony @epizeuxius breaks down records in Leo — the core primitive behind Aleo’s privacy & scalability. Link to the full blog post below 🧵 1/3

English

329

Jon Stephens@FormallyJon·17 Ara

Congrats! This looks very interesting

Cubist@cubistdev

And we're LIVE! 🚀 We're thrilled to announce the general availability of Cubist Confidential Cloud Functions (C2F), the first Web3 confidential compute platform that brings smart contract guarantees to private off-chain code. Not only is C2F GA. It’s already being leveraged by leading Web3 teams, including by @squidrouter in the latest version of their Cross-Chain Order Routing and Auction Layer (CORAL). With Cubist C2F, you can: ✅ run compute-heavy logic ✅ execute sensitive logic privately ✅ scale across chains without rewriting everything ✅ apply strong governance and safe upgrade paths to critical code ✅ produce evidence that security and compliance controls are real Run your sensitive, compute-heavy, and cross-chain logic verifiably with Cubist C2F.

English

123

Jon Stephens@FormallyJon·15 Kas

We’re just getting started and would love your feedback! If you want to help shape the next evolution of @AuditHubDev, please get in touch!

English

Jon Stephens@FormallyJon·15 Kas

Yesterday’s @AuditHubDev launch is a big step toward fixing that. Built from years of pain as an audit firm, AuditHub has already given us faster turnarounds, higher-quality findings, and far more transparency

English

Jon Stephens@FormallyJon·15 Kas

We started @VeridiseInc to bring actual guarantees to a space that needed them. But as audit volume exploded, one thing became clear: guarantees don’t matter if you can’t deliver them on time

AuditHub@AuditHubDev

Today we're launching AuditHub for Professional Audit Firms, the comprehensive platform! Four integrated formal methods tools that handle routine vulnerability detection automatically, enabling audit firms to deliver mathematical guarantees that competitors cannot match.

English

405

Jon Stephens@FormallyJon·23 Eyl

We’re launching the beta today. If you’re building in Web3 and want security that scales with your codebase, we’d love your feedback.

English

Jon Stephens@FormallyJon·23 Eyl

Huge props to @KFerles and @nikos_chondros for leading the effort, @ShankaraPailoo2, Ben Mariano, Bryan Tan and Ian Neal for leading the tool teams, @bensepanski for providing invaluable feedback and @IsilDillig for her instrumental guidance and leadership.

English

131

Jon Stephens@FormallyJon·23 Eyl

Today we're launching the @AuditHubDev beta - a new platform for blockchain security.

Veridise@VeridiseInc

🚀 Introducing AuditHub: The next-generation blockchain security platform for Web3 developer teams. Built by Veridise — now available to the entire dev community. Follow @AuditHubDev for updates. Thread 🧵

English

836

Jon Stephens@FormallyJon·19 Ağu

LLZK is live! This is all thanks to our amazing LLZK team @ShankaraPailoo2, @iangneal, Tim and Daniel. Also thanks to @ethereumfndn for their support

Veridise@VeridiseInc

We’re excited to launch LLZK, an open-source intermediate representation (IR) for zero-knowledge circuits. Think LLVM, but for ZK. Built by @VeridiseInc and supported with a grant from the @ethereumfndn, LLZK is now live on GitHub. Thread 🧵 1/4

English

367

Jon Stephens@FormallyJon·28 Tem

@Amber_hcq @shafu0x @VeridiseInc @IsilDillig We have audited a lot of ZK related projects. Happy to provide more details

English

Amber@Amber_hcq·28 Tem

@shafu0x @VeridiseInc @FormallyJon @IsilDillig veridise.com/audits/zk/

QME

shafu@shafu0x·26 Tem

The biggest problem with zk is that you have like 7 people in the world who can audit this

English

149

9.7K

Jon Stephens@FormallyJon·20 May

Thanks for having me @HouseofZK. This was a nice way to end a very busy EthDenver

House of ZK@HouseofZK

House of ZK Radio #49: Jon Stephens, CEO of Veridise - out now on Spotify & YouTube 🔲🔳 In this episode we sit down with @FormallyJon, Co-founder & CEO of @VeridiseInc, to explore the state of security in zero-knowledge systems. From smart contract audits to formal verification of ZK circuits and ZKVMs, Jon breaks down where things go wrong, how Veridise builds internal tools like Vanguard and Picasso, and what developers should know when building verifiable applications. Essential listening for anyone serious about ZK security 🤝 Spotify: open.spotify.com/episode/1VLBRf… YouTube: youtube.com/watch?v=W-9hD7…

English

691

Jon Stephens@FormallyJon·12 May

Had an interesting chat about @aztecnetwork's Noir programming language with @mjdklein. We discussed a wide range of topics including how Noir differs from other ZK languages, security features built into Noir and formal methods tools. Definitely worth a watch

Veridise@VeridiseInc

Join us for an insightful fireside chat with @mjdklein, a software engineer at @aztecnetwork, as we dive deep into the @NoirLang programming language—a key component of the Aztec Network. Hosted by @FormallyJon from @VeridiseInc. Timestamps: 0:00 – Introduction: Aztec & Noir language 0:57 – Why Aztec built its own ZK language 2:22 – Overview of Noir and its developer experience 3:20 – How Noir compares to other ZK DSLs 4:33 – Unconstrained functions 6:19 – What Noir offers that other zk DSLs don’t 7:00 – Tools that are currently missing in Noir 8:24 – How the Noir ecosystem might evolve & new tools 9:19 – Metaprogramming in Noir and what it enables 11:28 – Improved succinctness & metaprogramming 13:56 – Who can use Noir and whether it’s tied to Aztec 15:17 – The types of vulnerabilities that are top of mind 17:15 – Work done to ensure optimization passes are valid 18:20 – Formal verification (SMT solvers) considerations 19:18 – Types of bugs devs may unintentionally introduce 21:18 – How entropy could lead to privacy leaks 23:35 – Guardrails built into Noir to prevent such issues 24:50 – How common such vulnerabilities might be 26:13 – Noir circuits vs zkVMs in terms of privacy 28:16 – Local proving systems vs. proving networks 29:36 – How devs can evaluate if SMT solvers are right for them

English

239

Jon Stephens retweetledi

RISC Zero@RiscZero·22 Mar

RISC Zero is building the first formally verified RISC-V zkVM. Using @VeridiseInc's Picus tool, we're mathematically proving determinism in our circuits. Our goal: A zkVM that’s both incredibly fast and provably secure, so developers never have to compromise.

English

240

49.8K

Jon Stephens@FormallyJon·22 Eki

There always seems to be a new ZK language but this article provides a few thoughts on our experience looking at a few of them from a language perspective

Veridise@VeridiseInc

We set out to implement the Mastermind game in 5 different ZK languages/frameworks: Circom, Gnark, Noir, Halo2, and Arkworks. The aim was to evaluate the capabilities and characteristics of these various ZK languages. Check out @iangneal's full blog post below 🧵 1/5

English

800

Jon Stephens@FormallyJon·13 Eki

Thanks @zk_monk for inviting me to talk at your bootcamp. It is very important that people new to ZK and Web3 learn about security considerations early as it is so critical in this space

zkMonk@zk_monk

Today at 12:00 PM EST, Week 7, Session 13 of the Zkmonk BootCamp features - @FormallyJon Jon Stephens, CEO of @VeridiseInc, presenting on ‘ZK Security Considerations.’ Gain valuable insights into the security challenges and best practices for zero-knowledge technologies from an industry expert. LINK: meet.google.com/jdn-ihmj-eyg

English

994

Jon Stephens@FormallyJon·23 Tem

Looking at the breakdown of this data was really interesting. It encompassed a lot of our work to date and highlighted how critical auditing is, especially for ZK!

Veridise@VeridiseInc

Big data drop❗Breakdown of 100 Veridise security audits. @TheBlock__ covers our top insights from 1605 vulnerability findings. Key takeaways below 🧵 1/8

English

202

Keşfet

@AuditHubDev @VeridiseInc @KFerles @nikos_chondros @ShankaraPailoo2 @bensepanski @IsilDillig @iangneal