Methodology
Every Veral certificate is computed from a published formula against public evidence. Anyone can reproduce the same score, offline, from the same evidence bundle. This page is the consumer-facing tour; the canonical, versioned spec lives in the GitHub repo.
Veral certificates are currently issued on Sepolia testnet during private beta. The methodology below is the binding scoring contract for those certificates; mainnet issuance will follow the same methodology when it ships.
Every public source the engine can reach.
Veral reads the public evidence about a subject from every source the engine has wired — the categorised list below is today's wired pool, and it grows as new extractors ship. Every certificate runs against the same evidence pool regardless of tier. The difference between Public, Anchored, and Sealed is interpretation depth, not source count.
- Sourcify
- Etherscan / Blockscout
- GitHub
- NPM / PyPI
- Ethereum mainnet
- ENS (internal)
- ENS records
- L2 deployments
- EAS attestations
- DefiLlama
- EigenLayer
- The Graph
- Token registries
- Gitcoin Passport
- POAP
- Farcaster
- Lens
- Cross-binding (ENS ↔ GitHub back-link)
- Code4rena
- Immunefi
- Tenderly
- Safe multisig
- Upgradeability (proxy + timelock)
- Counterparty diversity + wash detection
- Sanctions oracle (Chainalysis)
- ERC-8004 identity — on-chain Trustless Agents IdentityRegistry membership; the ENS erc8004:* text record is an L2 fallback only when the registry probe is unavailable
Read. Compute. Attest.
Veral scores are calibrated for counterparty-trust decisions.
A subject scoring 90+ is one a sophisticated counterparty transacts with willingly. A subject scoring under 40 is one a sophisticated counterparty refuses or escalates. The 40–90 range calls for supplementary diligence proportional to transaction size. Investor, ecosystem-partner, user, and compliance reads all subsume into the counterparty frame at the M1 surface. Anchored and Sealed tiers (roadmap) add forensic audit depth on the same evidence pool.
- Step 1: Read.
Every wired source agent fetches public evidence in parallel — Sourcify, Etherscan, GitHub, ENS records, EAS attestations, audit registries, Gitcoin Passport, Farcaster, and the rest. Every fetch is cached with a published TTL; every response carries provenance so any reader can re-fetch the same evidence. ENS reads are RPC-canonical: off-chain indexers (Subgraph, ENSData) accelerate primary reads, but any non-null indexer answer falls through to RPC verification, and only an RPC null is treated as authoritative for a record's absence. Indexer stale-data or bugs never bind the cert.
- Step 2: Compute.
A deterministic formula aggregates the evidence to a 0–100 score across the profile's dimensions. No AI. No opinions. The same evidence bundle always produces the same score, on any device, at any time. The aggregator is one engine; profile differences (project vs agent) are config, not code.
- Step 3: Attest.
Optionally, the reading is published as an EAS attestation anchored to the subject's ENS namehash. The on-chain certificate is verifiable by any reader who recomputes the score against the published evidence bundle.
When a subject resolves to a governance address that manages one or more known protocols, Veral surfaces those protocols as context — the address and the protocol it governs have distinct evidence shapes, and naming the protocol lets you read the score against the right surface. This attribution is sourced from DefiLlama, a community-curated registry. It is shown as context only and does not change the score: the headline reflects the governance address Veral actually evaluated, not the protocol it points at. A governance address managing several protocols is shown as a TVL-weighted portfolio rather than attributed to any single one.
The score band ladder.
A Veral score is paired with a band label, a confidence reading, and a coverage reading. The band tells the reader what the score means at a glance.
Exemplary (90 – 100): Verified evidence across every dimension, corroborated by independent sources. Reachable only with High confidence.
Strong (75 – 89): Substantive evidence across most dimensions. Requires at least Medium confidence and corroborated coverage.
Established (60 – 74): Real subject with a verifiable footprint, gaps in one or two dimensions. The typical band for a working project or agent.
Limited (40 – 59): Some real evidence, thin elsewhere. A reader should treat the cert as a starting point, not a green light.
Caution (20 – 39): Coverage is thin or scored mostly from self-asserted claims. The L1-only cap forces this ceiling.
Adverse (0 – 19): A negative overlay fired — sanctions, wash pattern, or unaccountable proxy. The subject is certified-and-disqualified.
The graduated banding gate refuses Exemplary below High confidence and refuses Strong below Medium confidence. A thin-but-high subject is capped at Established until coverage improves — the omission-gaming defence.
Seven macros for AI-Agent subjects.
The agent profile answers a different buyer question — if I let this agent act, who is accountable, can it be silently changed, is its on-chain behaviour real and clean, and who does it transact with? Capability claims (intelligence or output quality) are out of scope for Public.
Who is accountable, and how can they stop or change it? Reads controller type, multisig quality, upgradeability, and declared controller bindings.
How anchored is the agent identity — cryptographic versus self-asserted? Reads native ENS records, EAS attestations, on-chain ERC-8004 Trustless Agents IdentityRegistry membership (the ENS erc8004:* text record is an L2 fallback only when the registry probe is unavailable), and the identity-binding upgrade rule.
How long has the agent been real on-chain? Reads first-tx age, activity depth, and deployment history.
Does it stand behind value, and how does it move it? Conditional with penalty — a financial agent that produces no financial signal is penalized, not silently waived.
With whom does it transact? Reads sybil + wash detection over the counterparty graph; the lock-blocking defence against laundered reputation.
Who built it, and what is their track record? Reads GitHub, audit attendance, and deterministic provenance proxies.
How openly does the agent operate? Corroborating posture signal; floor weight by design.
Graduated trust, by source.
Not all evidence is equal. Every signal carries a trust level; the aggregator weights the signal's contribution by the level at compute time. The result is that a cryptographically verified attestation outweighs a self-asserted text record by a known, published amount — not by an editorial judgement. The exact factor per tier ships with every cert's reportHash and the parity-v1.snapshot.json for independent reproduction.
L1 (Self-asserted): Evidence the subject controls — a GitHub username in an ENS text record, a Gitcoin Passport stamp, a POAP. Counts, but capped: a cert that can be substantially set by self-asserted records alone is worse than no cert.
L2 (Cross-verified): Evidence corroborated by an independent registry or attestation — DefiLlama protocol entry, EAS trusted-issuer attestation, an audit registry listing.
L3 (Verified): Cryptographic or on-chain readable evidence — Sourcify verification, Etherscan source match, ENS namehash binding, Safe multisig configuration. The credibility anchor of the score.
What disqualifies a score.
A clean positive score is not the whole picture. 3 overlays scan for the conditions that should cap or disqualify a subject regardless of its positive evidence. The strictest cap wins; flags are surfaced on the certificate.
Subject or a direct counterparty matches a recognized sanctions list. Hard cap toward Adverse — the cert is certified-and-disqualified, not silently refused.
Counterparty graph shows a wash-trading or sybil-cluster signature. Cap toward Caution; lock-blocking detector for the agent profile.
Upgradeable contract with a lone-EOA admin and no timelock. Cap reflects that the operator can silently change the running code.
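The banding gate, the L1-only cap and the overlay caps described above can be expressed as one pure function. This is an added example, not Veral's engine code: the band ranges and cap targets come from this page, while the `Low` confidence label, the function names and the clamp-to-band-ceiling rule are assumptions.

```python
# Band ranges and gate rules are from this page; clamping the score to the
# capped band's upper bound is an ASSUMPTION about how a cap is applied.
BANDS = [  # (label, low, high)
    ("Exemplary", 90, 100), ("Strong", 75, 89), ("Established", 60, 74),
    ("Limited", 40, 59), ("Caution", 20, 39), ("Adverse", 0, 19),
]
CEILING = {label: high for label, _, high in BANDS}
# Overlay -> band it caps toward. The unaccountable-proxy overlay is left out
# because the page does not say which band it caps to.
OVERLAY_CAP = {"sanctions": "Adverse", "wash": "Caution"}


def band_of(score):
    for label, low, high in BANDS:
        if low <= score <= high:
            return label
    raise ValueError(f"score out of range: {score}")


def apply_caps(raw, confidence, overlays=(), l1_only=False):
    """Return (score, band, binding_cap) for an integer raw score 0-100."""
    caps = []
    # Graduated banding gate: Exemplary needs High, Strong needs Medium.
    # "Low" is an assumed label for anything below Medium.
    if confidence == "Low":
        caps.append(("confidence-gate", "Established"))
    elif confidence == "Medium":
        caps.append(("confidence-gate", "Strong"))
    elif confidence != "High":
        raise ValueError(f"unknown confidence: {confidence}")
    if l1_only:  # scored mostly from self-asserted evidence
        caps.append(("l1-only", "Caution"))
    for name in overlays:
        if name not in OVERLAY_CAP:
            raise ValueError(f"unknown overlay: {name}")
        caps.append((name, OVERLAY_CAP[name]))
    score, binding = raw, None
    for reason, label in caps:  # strictest cap wins
        if CEILING[label] < score:
            score, binding = CEILING[label], reason
    return score, band_of(score), binding
```

A reviewer recomputing a cert can compare the returned binding cap with the flags shown on the certificate: a raw 93 at Low confidence with a wash flag should read as Caution, not Established.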
Same evidence in, same score out.
The formula above is deterministic — pure functions over the evidence bundle, no randomness, no model temperature, no per-call variability. Given the same evidence at the same engine version, every reader gets the same 0–100 number. The on-chain attestation is then a signed publication of that computation: anyone with the cert UID can read the score back from the EAS schema and verify it matches what was issued.
Qualitative bands here. Exact vector with every cert.
Open weighting — qualitative contribution shown here; full vector ships with every cert's reportHash for independent reproduction. The four bands below describe how much each macro or signal contributes to its parent total. The locked numeric weights are published per release in parity-v1.snapshot.json and bound into the on-chain attestation via the cert reportHash, so any reader can recompute the score byte-identically from the published evidence bundle.
- Primary contribution: Drives the parent total. Removing this signal materially reshapes the score.
- High: Substantial contribution. Anchors a dimension when present.
- Moderate: Meaningful corroboration. Stacks with peers to lift the dimension.
- Minor: Floor signal. Present for breadth; does not move the score on its own.
Exact weights locked in parity-v1.snapshot.json per release, reproducible via cert reportHash.
Glossary — locked vocabulary.
Every Veral surface uses the same words for bands, trust tiers, and weight contribution. Reading one cert teaches the reader every cert.
- Exemplary
- 90 – 100 · Verified evidence across every dimension, corroborated by independent sources. Reachable only with High confidence.
- Strong
- 75 – 89 · Substantive evidence across most dimensions. Requires at least Medium confidence and corroborated coverage.
- Established
- 60 – 74 · Real subject with a verifiable footprint, gaps in one or two dimensions. The typical band for a working project or agent.
- Limited
- 40 – 59 · Some real evidence, thin elsewhere. A reader should treat the cert as a starting point, not a green light.
- Caution
- 20 – 39 · Coverage is thin or scored mostly from self-asserted claims. The L1-only cap forces this ceiling.
- Adverse
- 0 – 19 · A negative overlay fired — sanctions, wash pattern, or unaccountable proxy. The subject is certified-and-disqualified.
- L1 — Self-asserted
- Halved contribution. Evidence the subject controls — a GitHub username in an ENS text record, a Gitcoin Passport stamp, a POAP. Counts, but capped: a cert that can be substantially set by self-asserted records alone is worse than no cert.
- L2 — Cross-verified
- Softly weighted contribution. Evidence corroborated by an independent registry or attestation — DefiLlama protocol entry, EAS trusted-issuer attestation, an audit registry listing.
- L3 — Verified
- Full weight contribution. Cryptographic or on-chain readable evidence — Sourcify verification, Etherscan source match, ENS namehash binding, Safe multisig configuration. The credibility anchor of the score.
- Primary contribution
- Drives the parent total. Removing this signal materially reshapes the score.
- High
- Substantial contribution. Anchors a dimension when present.
- Moderate
- Meaningful corroboration. Stacks with peers to lift the dimension.
- Minor
- Floor signal. Present for breadth; does not move the score on its own.
- Conditional
- A dimension flagged conditional re-normalizes out of the total when the underlying signal is genuinely absent for the subject — a non-DeFi subject is not penalized for missing a DefiLlama listing. The conditional flag is published per profile in the locked weight vector.
This vocabulary is locked. New terms ship under an ADR and a versioned weight snapshot.
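How the trust ladder and the Conditional flag interact can be seen in a small exact-arithmetic aggregator. This is an added illustration, not Veral's published formula: the L1 and L3 factors follow the glossary ("halved", "full weight"), while the L2 factor, the dimension names, the weights, the `applies` field and the rounding rule are constructed assumptions.

```python
from fractions import Fraction

# Trust factors: L1 "halved" and L3 "full weight" are stated on the page.
# The L2 factor is an ASSUMPTION (the page only says "softly weighted").
TRUST = {"L1": Fraction(1, 2), "L2": Fraction(4, 5), "L3": Fraction(1)}


def dimension_score(signals):
    """signals: list of (value in 0..1, weight, trust level). Returns 0..1."""
    total = sum(w for _, w, _ in signals)
    if total == 0:
        return Fraction(0)  # no evidence: the dimension scores zero
    return sum(Fraction(v) * w * TRUST[t] for v, w, t in signals) / total


def aggregate(dimensions):
    """Return an integer 0-100 score from a list of dimension dicts."""
    num, den = Fraction(0), 0
    for d in dimensions:
        # A conditional dimension that does not apply to the subject is
        # re-normalized out: it adds to neither numerator nor denominator.
        if d["conditional"] and not d["applies"]:
            continue
        # If it applies but has no signals it stays in and scores zero,
        # so the absence is penalized rather than waived.
        num += d["weight"] * dimension_score(d["signals"])
        den += d["weight"]
    if den == 0:
        return 0
    return int(num / den * 100 + Fraction(1, 2))  # exact round-half-up


def sample(identity_trust="L1", protocol_applies=False):
    """Constructed evidence bundle; names and weights are hypothetical."""
    return [
        {"name": "code", "weight": 40, "conditional": False, "applies": True,
         "signals": [(1, 3, "L3"), (1, 1, "L1")]},
        {"name": "identity", "weight": 30, "conditional": False,
         "applies": True, "signals": [(1, 1, identity_trust)]},
        {"name": "protocol", "weight": 30, "conditional": True,
         "applies": protocol_applies, "signals": []},
    ]
```

With this constructed bundle, waiving the non-applicable protocol dimension gives 71, keeping it in with no signal gives 50, and promoting the identity signal from L1 to L3 gives 93.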
Lineage — where Veral came from.
Veral grew out of Siren, our ETHPrague 2026 hackathon project. Siren took two first-place finishes that week — the Umia sponsor track and the ENS Best Integration for AI Agents category — by turning any ENS name into a 0–100 verification reading and publishing the result as an EAS attestation bound to the subject's namehash.
The Siren MVP shipped a deterministic two-axis score over four evidence sources (Sourcify, GitHub, on-chain activity, ENS-internal), a six-tier ladder with a public-read ceiling, a single trust discount on unverified claims, full-payload EIP-712 EAS attestation on mainnet and Sepolia, a paste-an-attestation comparator that diffed score regressions and identity rotations, an ENS-anchored Sourcify pin promotion, and a re-derivable raw evidence API. It is still live at upgrade-siren.vercel.app as a snapshot of that origin.
Veral M1 inherits the Siren spine — deterministic scoring, ENS-anchored subject resolution, full-payload EIP-712 EAS attestation — and extends it: a maximalist public-source pool the engine grows over time, a graduated L1 / L2 / L3 trust ladder in place of a single unverified discount, a corroboration-binding aggregator with negative overlays and a confidence gate, per-attribute scoring under ADR-026, an AI-Agent profile built around the seven macros above, classifier-aware bench reads, on-chain refund automation through the PaymentForwarder, agent-profile rolloff for subjects whose identity rotates, and verifiable lineage via parity-v1 snapshots that lock the weight vector across releases.
Where Veral exceeds the Siren MVP today: a far wider wired-source pool across code, on-chain, protocol standing, identity and security categories; a richer score model with the graduated trust ladder, corroboration bindings, the negative overlay panel, and the confidence gate; paid publishability through EAS on-chain attestation with PaymentForwarder payment-gating; an AI-Agent profile with its own seven-macro weight vector; cross-binding L1→L2 promotion through ENS↔GitHub back-link verification.
Where Veral M1 is still behind the Siren MVP: there is no paste-an-attestation comparator and no cross-chain identical-claim diff yet; the proxy-upgrade Contract Risk surface at /r/<name> does not yet ship the governance-comment generator, the risky-selector ABI diff, or the storage-layout history aggregator Siren had; there is no curated demo runner with deterministic prepared scenarios; the live Sourcify health chip on the homepage and the bytecode similarity-submit flow are not yet wired. These items are tracked in the gap list below (mirrored in docs/operations/m1-launch-blockers.md and the M2 roadmap), and the comparator plus the demo runner sit highest because they were the load-bearing surfaces that won the original judging.
What Veral M1 has not yet caught up on.
The Siren MVP shipped four load-bearing surfaces Veral M1 has not yet re-shipped. They are tracked as M2 roadmap items; the comparator plus the demo runner are first because they were the surfaces that won judging at ETHPrague 2026.
- Paste-an-attestation comparator — diff two score regressions or identity rotations side-by-side.
- Contract Risk depth at /r/<name> — the governance-comment generator, the risky-selector ABI diff, and the storage-layout history aggregator.
- Curated demo runner — deterministic prepared scenarios for buyer walkthrough.
- Live Sourcify health chip + bytecode similarity-submit flow — the homepage health surface plus the cross-chain identical-claim submit.
Project profile · v1.0.0 (engine-only).
The Project profile (D1–D5) remains as an engine-only execution path because Project attestations were already issued on chain before AI-Agent became the only buyer-selectable product (ADR-028, 2026-06-10). It is no longer surfaced as a tier on landing, on /cert/new, or on /improve. Historical /cert/<UID> resolution honors the locked formulaVersion on each attestation so a Project cert minted under v1.0.0 keeps rendering against the same weight vector it was attested against — immutability of past attestations is preserved by reading the formula version off the cert, not off the live engine.
Is the code published, verified, and maintained? Reads Sourcify + Etherscan verification depth, GitHub repo maturity, and package adoption.
Does the chain show a real, mature operator? Reads controlling-address activity, ENS maturity, EAS attestations, and L2 footprint.
Does an independent registry confirm protocol standing? Reads DefiLlama, EigenLayer, The Graph, and token registries. Conditional — re-normalizes out when the subject is not a DeFi protocol.
Is the operator a verified, non-sybil identity? Reads Gitcoin Passport, POAP collection, Farcaster, and Lens.
Has the project undergone external security review? Reads Code4rena, Immunefi, Tenderly, and Safe multisig signal. Highest weight — external audit is the strongest credibility signal.