Nethermind Security

We built a practical guide for circuit architects covering under-constrained and over-constrained circuits, arithmetic overflows, public signal leaks, and pre-deployment review. Includes a downloadable checklist. nethermind.io/blog/zk-circui…

The math wasn't wrong. The deployment process was incomplete. Groth16's Phase 2 is required, but nothing in the toolchain enforces it before deployment. When setup-level gaps reach production, constraint-level issues that need formal analysis aren't getting caught either.

The first known exploits against live ZK circuits happened last month. Combined loss: ~$2.3M. The root cause wasn't a subtle under-constrained bug. It was an incomplete Groth16 trusted setup ceremony.

Our auditors check for second preimage vulnerabilities in every Merkle-related review. The pattern repeats. The contract accepts a raw 64-byte leaf. An attacker submits two concatenated child nodes as a single leaf. It hashes to the value of the internal node. The proof passes. The data was never authorized. Libraries process whatever leaf you hand them. The vulnerability is in construction, not verification, and it survives code review more often than it should. @ahmedaghadi breaks down the full mechanism and the two standard mitigations: nethermind.io/blog/preventin…

@leanprover Goal: increase maturity and trustworthiness of production zk systems. Work builds on CLAP by Marco Stronati and the collaboration with @AptosLabs.

Because the circuits are embedded in @leanprover, they can also be formally verified directly in the proof assistant. This enables verification of functional correctness properties of the circuit.

The Formal Verification team is collaborating with Aptos to develop a formally verified version of the Aptos Keyless Login circuit. Keyless Login allows users to create and authenticate Aptos accounts using OIDC identities such as Google or Apple ID.

Multiple audits. Years in production. @LidoFinance's smart contracts are among the most reviewed in DeFi. Three AgentArena competitions ran independent agents on the same scope in parallel. Human auditors validated every finding. Done in days, not weeks. 6 Medium severity issues. 8 Low. "The validated findings were comparable in quality to those identified by experienced human auditors." — Gregory S., Lido Audit Committee

Two out of three high-severity vulnerabilities on EVMBench detected by AuditAgent. Before any manual review would start. EVMBench is a standardized benchmark for AI vulnerability detection, built by @OpenAI. We ran all 40 repos. AuditAgent: 80/120 (67%). Best base model: 56/120 (47%). No repos skipped, run in order. Recall is one dimension. We evaluate against both recall and precision, and we've open-sourced our evaluation methodology. Full analysis next. auditagent.nethermind.io

Three EVMBench repos two weeks ago. Now 15, run in order, not hand-picked. EVMBench measures recall. It doesn't measure false positive rates. Recall without precision is a demo, not a tool. 𝗔𝘂𝗱𝗶𝘁𝗔𝗴𝗲𝗻𝘁 𝗶𝘀 𝗯𝘂𝗶𝗹𝘁 𝘁𝗼 𝗺𝗶𝗻𝗶𝗺𝗶𝘇𝗲 𝗻𝗼𝗶𝘀𝗲, 𝗻𝗼𝘁 𝗷𝘂𝘀𝘁 𝗺𝗮𝘅𝗶𝗺𝗶𝘇𝗲 𝗱𝗲𝘁𝗲𝗰𝘁𝗶𝗼𝗻. Full results across all 40 repos in progress.

𝗕𝘂𝗶𝗹𝗱𝗲𝗿 𝘀𝗽𝗼𝘁𝗹𝗶𝗴𝗵𝘁: 𝗦𝘁𝗮𝘁𝗲𝗺𝗶𝗻𝗱 AgentArena's competitive model is producing results. In the last three competitions, Statemind's independent audit agent earned $2,000+ in bounties, one of around 10 active agents competing in parallel on each task. Our platform doesn't just host agents. We support builders end-to-end: integration assistance, finding validation, performance feedback, and ongoing technical monitoring. Statemind has been building with us from the start. Multiple agents. Independent strategies. Third party-based arbitration. Protocols benefit from broader coverage. Builders earn for what they find. agentarena.nethermind.io

AuditAgent now supports Solana. AI-augmented vulnerability detection trained on real audit findings. Now across Solidity, Cairo, and @Solana. Raising the security baseline early in development, before manual review begins. auditagent.nethermind.io

⚠️ To clarify: @stvaio has not been audited by Nethermind's security engineers. They used our AuditAgent, an automated scanning tool which was run independently. A full Nethermind audit involves manual review by our team, this did not happen here. We encourage projects to be transparent about what security steps they've actually taken.

🟢 StoneVault Beta Release We’re excited to launch our brand-new vault for trustless stablecoin yield - 5%+ APY, powered by battle-tested protocols: @aave, @sparkdotfi, and @curvefinance. What you get: • Competitive APY + 5% APY bonus for early users via Liquidity Land (details below) • Audited by @Nethermind • Open-source smart contracts on GitHub • No complexity — designed for a smooth, transparent vault experience 👉 Join now: app.stva.io Immutable and trustless design built for true DeFi maximalists.

⚠️ To clarify: @stvaio has not been audited by Nethermind's security engineers. They used our AuditAgent - an automated scanning tool which was run independently. A full Nethermind audit involves manual review by our team - this did not happen here. We encourage projects to be transparent about what security steps they've actually taken.

🔐 Security is our top priority. We’re excited to announce that our smart contracts have successfully completed a security audit by @Nethermind. The audit reinforces our commitment to building a secure and transparent DeFi infrastructure. Full report: stva.io/nethermind-aud…

Some things happening in the Nethermind formal verification team this week: - @fastreedsolomon and I are kicking off formalisation of STIR and WHIR IOPPs as part of ArkLib (github.com/Verified-zkEVM…) - Developing an augmented version of Certiplonk that scales better, we're currently using it to prove the soundness of an implementation of the Poseidon 2 hash in Plonky3 (github.com/NethermindEth/…) - We have proved that probability spaces, PSp, are indeed instances of discrete camera by following the proof described in the Lilac separation logic paper. This is an important milestone in embedding the resource model of Bluebell in Iris Lean, as the model of Bluebell is (essentially) defined to be a permission algebra on top of the ordered resource algebra PSp. (github.com/Verified-zkEVM…) - Implemented a computable implementation of Lagrange interpolation as part of the ArkLib project (github.com/Verified-zkEVM…).

@Lighter_xyz built a per-user deterministic contract architecture for cross-chain USDC via Circle CCTP. @NethermindSec reviewed the integration: CCTP attestation handling, governance safeguards, fee calculations, and approval patterns. 📘 Case study: nethermind.io/blog/securing-…