Merge pull request #1059 from o1-labs/2024-10-add-veridise-audit

Adding Veridise Audit
MinaProtocol · Oct 15, 2024 · 07364af · 07364af
2 parents ff309fb + a81ab14
commit 07364af
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 8 deletions.
diff --git a/docs/mina-security.mdx b/docs/mina-security.mdx
@@ -19,6 +19,7 @@ However it doesn't stop there. Check out some other resources to see what measur
 
 ### Protocol
 
+- [August 27, 2024 o1js](https://github.com/o1-labs/o1js/blob/a09c5167c4df64f879684e5af14c59cf7a6fce11/audits/VAR_o1js_240318_o1js_V3.pdf) by Veridise
 - [December 12, 2023 Pickles](https://minaprotocol.com/wp-content/uploads/Least-Authority-Pickles-Final-Audit-Report.pdf) by Least Authority
 - [August 28, 2023 Transaction Logic and Transaction Pool](https://minaprotocol.com/blog/least-authority-concludes-security-audit-of-mina-protocols-transaction-logic-and-transaction-pool) by Least Authority
 - [October 16, 2022 Mina codebase, ecosystem projects](https://minaprotocol.com/wp-content/uploads/Mina-Security-Assessment-2022.pdf) by Mo Ashouri
@@ -33,6 +34,7 @@ However it doesn't stop there. Check out some other resources to see what measur
 - [July 16, 2021  Clor.io Wallet](https://minaprotocol.com/blog/clorio-wallet-audit) by Least Authority
 
 ### Auditors
+- [Veridise](https://veridise.com/)
 - [Least Authority](https://leastauthority.com/)
 - [NCC Group](https://www.nccgroup.com/us/)
 - [Gauntlet Network](https://www.gauntlet.xyz/)

diff --git a/docs/zkapps/writing-a-zkapp/introduction-to-zkapps/secure-zkapps.mdx b/docs/zkapps/writing-a-zkapp/introduction-to-zkapps/secure-zkapps.mdx
@@ -19,14 +19,7 @@ On this page, you will find guidance for how to think about security when buildi
 
 Apart from acquiring a solid understanding of security aspects of zkApps, we recommend that critical applications also get audited by independent security experts.
 
-There has been an internal audit of the o1js code base already, [the results of which you can find here](/zkapps/o1js#audits-of-o1js). An audit by a third-party security firm is ongoing.
-
-:::caution
-
-Until the third-party audit of o1js is completed, audits of zkApps should also include the relevant parts of o1js in their scope.
-
-:::
-
+There has been an internal audit of the o1js code base already, [the results of which you can find here](/zkapps/o1js#audits-of-o1js).  You can also see the results of a third-party audit, performed by Veridise, [here](https://github.com/o1-labs/o1js/blob/a09c5167c4df64f879684e5af14c59cf7a6fce11/audits/VAR_o1js_240318_o1js_V3.pdf).
 ## Attack model
 
 The first and most important step for zkApp developers is to understand the attack model of zkApps, which differs from traditional web apps in important ways. In essence, there are two new kinds of attack: