Project Information
CATEGORY
Zero-knowledge
NETWORK
N/A
WEBSITE
https://www.sismo.io/
DESCRIPTION
From Mar. 21, 2023 to April 4, 2023, Sismo engaged Veridise to conduct a security review and formally verify the correctness of their Hydra-S2 Zero-Knowledge Circuits. These ZK circuits are used to validate private user information, including a user’s digital identity proof, and computation for the Sismo protocol. Veridise conducted the assessment over 4 person-weeks, with 2 engineers reviewing code over 2 weeks. The auditing strategy involved a tool-assisted analysis of the source code performed by Veridise engineers as well as extensive manual auditing. In parallel, the Veridise engineers also formally verified that the Hydra-S2 circuits adhere to the formal specifications shown in Section 5.
Audit Report
SCOPE
The scope of this audit is limited to the circuits directory of the Hydra-S2 repository, which contains the source code of the Hydra-S2 ZK circuits. While other files were included in the source code, they were not in the scope of the audit. During the audit, the Veridise auditors referred to the excluded files but assumed that they have been implemented correctly.