MAGIC Grants: Monero FCMP++ audit report
Project Information
CATEGORY
Zero-knowledge, Cryptography
NETWORK
Monero
WEBSITE
https://magicgrants.org/
DESCRIPTION
From Apr. 7, 2025 to May 2, 2025, MAGIC Grants engaged Veridise to conduct a security assessment of their Monero FCMP++ project. The security assessment covered the Monero full-chain membership proof algorithm, arithmetization, and implementation. This circuit proves that a blinded Pedersen commitment is contained within a publicly known set without revealing any other information. Veridise analysts analyzed the sub-circuits which compose the Monero FCMP++ circuit in prior reviews [1–3]. This review focused on their use and implementation in the full Monero FCMP++ codebase. Veridise conducted the assessment over 12 person-weeks, with 3 security analysts reviewing the project over 4 weeks. The review strategy involved a tool-assisted analysis of the program source code performed by Veridise security analysts as well as thorough code review.
Audit Report
SCOPE
The scope of this security assessment is limited to folders circuit-abstraction, ec-gadgets and src of the source code provided by the Monero FCMP++ developers, which contains the implementation of the Monero FCMP++.
- src/
  - circuit.rs
  - lib.rs
  - params.rs
  - tape.rs
  - tests.rs
  - tree.rs
  - gadgets/
    - interactive.rs
  - prover/
    - blind.rs
    - mod.rs
- circuit-abstraction/src/
  - gadgets.rs
  - lib.rs
- ec-gadgets/src/
  - dlog.rs
  - lib.rs