Project Information

CATEGORY

Zero-knowledge

NETWORK

Manta Chain

DESCRIPTION

From Feb. 27, 2023 to April. 18, 2023, Manta Network engaged Veridise to review the security of their Manta-ZK Lib. The review covered several crucial arkworks circuits that implement Manta Network’s L1 zero-knowledge protocol, whose goal is to enable on-chain privacy for applications. Veridise conducted the assessment over 35 person-weeks, with 5 engineers reviewing code over 7 weeks. The auditing strategy involved a tool-assisted analysis of the source code performed by Veridise engineers as well as extensive manual auditing.

Audit Report

DURATION

35 person-weeks

COMPLETED

September 1, 2023

SCOPE

The scope of this audit is limited to the following packages provided by the Manta Network developers:

  • manta-crypto: includes cryptographic primitives used throughout the codebase.
  • manta-accounting/transfer: defines a generic version of Manta Network’s protocol.
  • manta-pay: an instantiation of the above protocol that will be deployed.

The Manta Network developers also provided a detailed breakdown on which individual files must be audited for each of the above packages. Due to the scope of our audit, the recommendations provided in this report are limited to the functional specification provided by the Manta Network developers. The overall security of the system can be compromised if any component outside the scope of the audit is vulnerable. For Manta-ZK Lib, such components include, but are not limited to, circuit deployment and front-ends. 

Veridise auditors reviewed the reports of previous audits for Manta-ZK Lib, inspected the provided tests, and read the Manta-ZK Lib documentation. They then began a manual audit of the code assisted by fuzzing/property-based testing and differential fuzzing. We ran our fuzzers for a total of 182 hours combined across all components. 

Please review the full PDF report for a more detailed description of the audit’s scope.

Total Findings
0
Mitigated
0
Critical Severity
0
High Severity
0
Medium Severity
0
Low Severity
0

Considering an audit?
Contact us today!