Zero Knowledge audits

Comprehensive security audit of your Zero-Knowledge circuits and dapps to identify vulnerabilities and recommendations how to fix them.

We have experience with a wide range of ZK languages, frameworks and proving systems, including Circom, Halo2, Nova, Plonky2, gnark and others.

Trusted partner for several leading ZK projects

Manta has engaged Veridise for several audits, including Manta’s Zero-Knowledge Library.

O1JS engaged Veridise to audit their ZK-DSL and CLI for deploying zero-knowledge apps on the Mina blockchain.

Succinct engaged Veridise to audit their Telepathy protocol that allows cross-chain interoperability.

semaphore-logo

Semaphore engaged Veridise to audit their ZK protocol that allows casting a message (e.g. a vote/endorsement) as a provable group member without revealing your identity.

Andy Guzman

Product Owner at Semaphore, Privacy & Scaling Explorations Team, Ethereum Foundation

The Veridise team was extremely detailed, helpful and collaborative during the audit and formal verification, it was a joy working with them.

Uma Roy

Co-Founder and CEO of Succinct

We are super happy to have worked with Veridise. It’s clear they looked into our circuits in great detail. One of the bugs they found was critical and quite subtle, so we were impressed with their work.

The Veridise difference: Why us?

Seasoned professionals

Veridise’s ZK team is composed of seasoned professionals with several PhDs in formal methods, software security and blockchain.

In-house tooling

In addition to rigorous human auditing, our in-house tools detect bugs that the human eye has a difficult time finding. This enhances the quality and effectiveness of our audits.

Confidentiality and ownership

We uphold the confidentiality of the report, although many of our clients find value in publishing it. Additionally, our reports become fully yours upon completion of the audit, unlike with some other providers.

Veridise’s edge: our in-house tools

Veridise combines professionals who manually review code with our in-house tools.

Our in-house tools enable Veridise to detect hard-to-find bugs that are difficult for the human eye to identify, leading to comprehensive audit reports. With Veridise, your codebase is in the hands of industry-leading detection methods.

OrCa

Specification-guided fuzzer

Vanguard

Static analysis tool for smart contracts and ZK circuits

Picus

Zero-Knowledge Proof auditing tool finding bugs in arithmetic circuits

Special considerations with Zero Knowledge audits

Auditing Zero Knowledge circuits and applications comes with unique challenges that Veridise is especially equipped to assess. We have detected a significant bug in all of our ZK audits. 

Auditing Zero Knowledge circuits and applications comes with unique challenges that Veridise is especially equipped to assess. We have detected a significant bug in all of our ZK audits. 

Traditional smart contract audits primarily focus on code correctness, vulnerability checks, and adherence to best practices, whereas ZKP audits also need to ensure the cryptographic elements function correctly without compromising privacy or security. 

As an example, in ZK audits, auditors often need to validate the construction and evaluation of zero-knowledge circuits. Often this is checking underconstrained circuits, which means the circuit does not have enough constraints to uniquely determine all the variables in the computation. Multiple solutions may allow prover to create a seemingly valid proof for an incorrect statement, which may lead to serious vulnerabilities. 

ZKP audits also often require the verification of the cryptographic primitives used, such as hash functions, commitment schemes, and elliptic curve operations, to ensure they are implemented securely and according to the specific requirements of the ZKP protocol.

Articles on Zero Knowledge

Veridise has developed industry-leading expertise in auditing Zero Knowledge Proof related applications. We have extensively written about Zero Knowledge related topics.

What is a proof?

Alp Bassa

9 min read

Interactive Proofs

Alp Bassa

9 min read

Zero-Knowledge Proofs

Alp Bassa

9 min read

The Fiat-Shamir Transform

Alp Bassa

9 min read

Succinctness

Alp Bassa

10 min read

Intermediate Representations

Alp Bassa

13 min read

Proof systems

Alp Bassa

12 min read

Recursive SNARKs and IVC

Alp Bassa

8 min read

Halo and Accumulation

Alp Bassa

9 min read

Nova and Folding (1/2)

Alp Bassa

13 min read

Nova and Folding (2/2)

Alp Bassa

9 min read

Conference presentation on Zero-Knowledge

We’ve delivered presentation at numerous conferences about Zero-Knowledge and our in-house ZK vulnerability detection tools.

Are your ZK Proofs Correct?

25min | Jon Stephens | Devcon Bogotá

Automatic detection of ZK Bugs

13min | Jon Stephens | IOSG OFP Denver

Zeroday: Why ZK Security is Important?

45min | Kostas Ferles | Nil Foundation

Picus: Push button ZK circuit verification

17min | Shankara Pailoor | EthCC 2023

Automated detection of ZKP vulnerabilities

16min | Alp Bassa | Secureum TrustX

Picus: Automated verification of ZKP...

15min | Andreea Buterchi | TrustX

Practical Security Analysis of ZKP...

21min | Kostas Ferles 

Common Vulnerability Patterns in Aleo

29min | Jon Stephens and Kostas Ferles

ZK Circuits in dApps: Common Bugs to...

22min | Jon Stephens

Academic work on Zero-Knowledge security research

Certifying Zero-Knowledge Circuits with Refinement Types

Veridise ZK Team

IEEE Security & Privacy Conference

Oakland Security

Automated Detection of Under-constrained Circuits in Zero-Knowledge Proofs

Veridise ZK Team

Academic Paper

PLDI 2023

Practical Security Analysis of Zero-Knowledge Proof Circuits

Veridise ZK Team

USENIX Security Conference

Demystifying Loops in Smart Contracts

Veridise ZK team

CAV 2024

Computer Aided Verification conference

Considering an audit?
Contact us today!