Nethermind Security

Full write-up: legal trends, programmable compliance, identity-linked ownership, insolvency risk, regulatory convergence. nethermind.io/blog/securing-…

Lagoon's vault architecture went through five sequential audits as new features changed accounting assumptions between pending and settled assets. nethermind.io/nethermind-sec…

Tokenised assets fall into three legal categories. Informational — records a fact about an offchain asset Certificatory — digital receipt against a custodian Dispositive — transfer of the token IS transfer of legal title Most tokenised assets today are certificatory.

2024: Can AI find smart contract vulnerabilities? 2025: Can you act on the output without drowning in false positives? 2026: How fast, what does it cost, what does it cover? Detection isn't the bottleneck anymore.

@hyperbeat @HyperliquidX Sequential withdrawal queues, OFT supply assumptions across chains. These don't get caught by running the same playbook from Ethereum. Audits, formal verification, and AI-augmented detection. Nethermind does all of them. nethermind.io/blog/hardening…

@hyperbeat @HyperliquidX Second audit: vault accounting issues from cross-chain token mechanics. The share token is an OFT. Bridge it to another chain, origin-chain supply drops, totalAssets stays the same. Share price ratio distorts. 1 Critical, 2 Medium across both audits. All resolved pre-launch.

One address could have permanently frozen every withdrawal in a liquid staking protocol. No bypass. No way to skip it.

Run your own scan: auditagent.nethermind.io

AuditAgent, pointed at live deployed code, surfaced a real vulnerability. First accepted submission to a bug bounty program on Immunefi. Medium severity. Accepted by the project. Audits cover scope. Formal verification proves properties. AuditAgent runs continuously against what's already live. Nethermind does all three.

This week from @JulekSU and the Formal Verification team: · zkDSL progress in Lean · Bluebell program logic formalization · STIR/WHIR IOPP work landing in ArkLib with @fastreedsolomon ⬇️ x.com/JulekSU/status…

2024: Can AI detect smart contract vulnerabilities? 2025: Can you act on the output without drowning in false positives? 2026: How fast does it run, what does it cost, what does it actually cover? Detection's not the bottleneck anymore. Speed, cost, and coverage are.

False positives are the bottleneck in AI security tooling. Not detection. A tool that flags hundreds of findings still needs someone to sort through them. EVMBench reflects whether tools find vulnerabilities, but doesn't measure the noise that comes with them. We wrote up the problem and what we're doing about it.

@testmachine_ai Head-to-head competitions, every finding triaged, results posted. Good to have @testmachine_ai on AgentArena.

Most AI audit tools hide behind marketing claims and private benchmarks. TestMachine is competing publicly on @NethermindSec AgentArena. The era of "trust us, our AI is good" is over. The era of "watch us prove it" is here. We're posting every result. Wins, losses, and everything we learn. If you're building in Web3, you deserve to know which audit tools actually work. Read more here: testmachine.ai/blog/ai-smart-…

Nethermind serves on the Expert Committee for the Ethereum Security Subsidy Program alongside @areta_io, @ethereumfndn, and @chainlinklabs. $1M to subsidize security reviews for Ethereum mainnet builders. Applications are open.

@Lucianadeveth nethermind.io/blog/blockchai…

ZK systems are in production. Soundness assumptions, proof system correctness, privacy guarantees. The security work around them has to match. @Lucianadeveth, Head of ZK Audits, on the shift.