From April 17, 2023 to May 19, 2023, Unirep engaged Veridise to review the security of their UniRep Protocol. The review covered the protocol’s Zero-Knowledge circuits, on-chain contracts and client-side typescript library. Veridise conducted the assessment over 15 person-weeks, with 3 engineers reviewing code over 5 weeks. Due to vulnerabilities found during the course of the audit, the formal verification was performed as the buggy implementation could not be formally verified. The auditing strategy involved a tool-assisted analysis of the source code performed by Veridise engineers as well as extensive manual auditing. In parallel, the Veridise engineers also formally verified that the UniRep Protocol circuits adhere to the formal specifications.