How Veda and Certora Are Raising the Bar for Vault Security

We’re partnering with the leading blockchain security firm Certora to elevate our smart contract operations so we can continue to provide best-in-class vault infrastructure that puts security first. 

Through this work together, Veda’s BoringVault architecture has undergone formal verification: a rigorous review that uses mathematical proofs and logic to confirm critical infrastructure operates exactly as designed. Formal verification is an intensive assessment that tests the system at the cryptographic level.

With Certora, we're making our security as robust as possible with formal verification in addition to ongoing reviews and fuzzing. 

“Security is fundamental to everything we build at Veda. As more institutions look to bring yield-generating products onchain, infrastructure providers must set a high bar for assurance, transparency, and resilience," said Sunand Raghupathi, CEO and co-founder of Veda. “Considering the recent backdrop of DeFi security exploits, our ongoing work with Certora reflects our commitment to ensuring Veda’s core systems are under continuous security review so our partners can build with confidence.”

Since Veda began, our vaults have processed $16.5 billion in deposits to date. As we grow to serve more enterprise partners, we’re committed to keeping depositors safe by enhancing our security measures as the threat landscape evolves.

“The next generation of onchain financial products demands a higher standard of security. The industry needs to go beyond audits and into continuous assurance. Veda has taken a forward-looking approach by embedding formal verification and rigorous review into its development lifecycle,” said Certora CEO Seth Hallem, adding: “That’s the level of discipline required to support institutional capital at scale and we’re excited to be working alongside them to make that possible.”

Veda’s vault infrastructure has been repeatedly audited by multiple firms to date. Now, we’re investing in more frequent, in-depth security reviews to ensure we’re taking every measure to keep users safe. 

Secure, by design

Our vault architecture takes a security-first approach from the ground up. At its core, our infrastructure uses Merkle verification to enforce a vetted set of pre-approved vault actions. This is a foundational aspect of our vault design that keeps deployments secure and ensures unapproved actions can’t be executed.

The BoringVault is also modular, meaning enterprises can select the features or components they want to enable without unnecessary elements. This results in vault deployments that are feature-rich, yet scalable and adaptable to changing markets and business needs. 

Veda vaults are always non-custodial, meaning only the depositor has the ability to transfer or withdraw their own assets. Neither Veda nor enterprise partners can transfer or withdraw customer funds. This is another important security feature baked into our vault design.

To date, our tech stack has generated over $375 million in yield for 250,000 users, powering vaults for partners including Kraken, EtherFi, Plasma, Whop, and more. 

Interested in learning more about how to integrate vaults? Get in touch with our team here.