Project Information

CATEGORY

Zero-knowledge

NETWORK

Solidity

DESCRIPTION

From Dec. 1 to Dec. 31, Semaphore engaged Veridise to review the security of their Groups v3. The review covered the Zero-Knowledge circuits and on-chain contracts that implement the protocol logic. Veridise conducted the assessment over 16 person-weeks, with 4 engineers reviewing code over 4 weeks. The auditing strategy involved a tool-assisted analysis of the source code performed by Veridise engineers as well as extensive manual auditing.

Audit Report

DURATION

16 person-weeks

COMPLETED

January 5, 2023

SCOPE

This audit reviewed the ZK circuits and on-chain behaviors of Semaphore Groups v3. As such, Veridise auditors first inspected the provided tests and documentation to better understand the desired behavior of the provided source code at a more granular level. They then began a multi-week manual audit of the code assisted by both static analyzers and automated testing. Finally, they formalized the intended behavior of the Semaphore circuit and formally verified it with the help of Coda.

In terms of the audit, the key components include the following:

  • The main Semaphore contract
  • The zk-kit Incremental Merkle Tree implementation
  • The Semaphore whistleblowing and voting extensions
  • The Semaphore ZK circuit
Total Findings
0
Mitigated
0
Critical Severity
0
High Severity
0
Medium Severity
0
Low Severity
0

Considering an audit?
Contact us today!