According to The Block, a report by blockchain security company Veridise pointed out that security audits of zero-knowledge (ZK) projects are twice as likely to find critical issues as other audit types.

Veridise analyzed 1,605 vulnerabilities from its most recent 100 audits. The average was about 16 vulnerabilities per audit, while ZK audits averaged slightly more, at 18.

But when focusing on critical vulnerabilities, Veridise found that 55% of ZK audits (11 out of 20) had critical issues, compared with 27.5% of other audits (22 out of 80), which include smart contracts, wallet integrations, blockchain implementations, and relayers.

According to Veridise, ZK security is "more challenging", and its audits find more critical vulnerabilities because of the complex cryptographic structure of ZK protocols and their innovation, which often pushes the boundaries of existing cryptographic technology.

“Developing ZK circuits requires precise reasoning about the semantics of the operations in the witness generator,” Jon Stephens, co-founder and CEO of Veridise, told The Block. “When those semantics are not properly encoded into constraints, errors can occur. This explains why there are more bugs in the circuit, because it is very different from typical programming methods.”

The most common DeFi vulnerabilities

Veridise said that overall, the most common vulnerabilities found in the company's audits were logic errors (385), maintainability (355) and data validation (304) issues, which together accounted for 65% of the total issues found. These three issue types also accounted for the majority of the 360 vulnerabilities discovered in ZK audits.

The team said that while maintainability issues, such as poor programming practices, are not exactly security vulnerabilities, they can become serious vulnerabilities by just a few seconds.

Among the 223 serious (critical or high-severity) issues found, logic errors (91) and data validation (35) were the most common types, followed by under-constrained circuits (19), denial of service (16) and access control (13) vulnerabilities. Across all audits, approximately 78% of high-severity issues were traced to these five types, accounting for 174 of the vulnerabilities discovered.

According to Veridise's explanation, logic errors occur when program code fails to perform its intended function due to errors in the logic flow. A typical example is a smart contract that incorrectly allows a user to withdraw funds that exceed their balance. Data validation issues involve the failure to appropriately verify the correctness, completeness and authenticity of data before processing it. Denial of service issues involve attacks designed to disrupt the normal functioning of a protocol; for example, a smart contract may be incorrectly designed in a way that allows an attacker to consume all available gas. Finally, access control issues are those where unauthorized users can gain access to restricted areas or functions.

Vulnerabilities specific to ZK auditing

According to Veridise, critical issues account for about 10% to 30% of most vulnerability types, but under-constrained circuits have a 90% chance of containing critical or high-severity issues.

"Circuits that are under-constrained are a typical problem endemic to zero-knowledge related audits... [which arise] when the constraints of an arithmetic circuit are insufficient to adequately enforce all necessary conditions to check that certain computations were performed correctly." "They will not appear in traditional smart contracts," the company explained.

This means that a malicious party could create a proof that tricks a validator into accepting a false statement as true, thereby seriously compromising the integrity of the protocol.
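The following sketch illustrates what "under-constrained" means on a toy is-zero gadget. It is an added example, not code from Veridise or The Block; the field size, signal names and function names are assumptions chosen for illustration. It checks whether the constraints fix a unique output for every input, which is the property an under-constrained circuit lacks.

```python
# Toy "is zero" gadget over a tiny prime field (constructed example).
# P is kept small so every witness can be enumerated; real circuits
# use fields of roughly 254 bits, where this brute force is impossible.
P = 31

def witness_generator(x):
    """Intended semantics: out = 1 if x == 0 else 0; inv is a helper signal."""
    inv = pow(x, P - 2, P) if x % P else 0   # modular inverse, or 0 when x == 0
    out = (1 - x * inv) % P
    return inv, out

# Each constraint is a predicate over the signals (x, inv, out).
def c_out_def(x, inv, out):       # out == 1 - x * inv
    return (out - (1 - x * inv)) % P == 0

def c_zero_product(x, inv, out):  # x * out == 0
    return (x * out) % P == 0

# The first circuit omits one constraint: the witness generator's
# semantics are only partly encoded.
UNDER_CONSTRAINED = [c_out_def]
FULLY_CONSTRAINED = [c_out_def, c_zero_product]

def honest_witness_accepted(constraints):
    """The honest witness passes in both versions, so ordinary tests look fine."""
    return all(c(x, *witness_generator(x)) for x in range(P) for c in constraints)

def accepted_outputs(constraints, x):
    """Every value of `out` for which some `inv` satisfies all constraints."""
    return {out for inv in range(P) for out in range(P)
            if all(c(x, inv, out) for c in constraints)}

def ambiguous_inputs(constraints):
    """Inputs whose output is not uniquely determined by the constraints."""
    return [x for x in range(P) if len(accepted_outputs(constraints, x)) > 1]

if __name__ == "__main__":
    for name, cs in (("under", UNDER_CONSTRAINED), ("full", FULLY_CONSTRAINED)):
        print(name, "honest ok:", honest_witness_accepted(cs),
              "ambiguous inputs:", len(ambiguous_inputs(cs)))
```

Both constraint sets accept the honest witness, so functional tests alone do not reveal the missing constraint; only the uniqueness check separates the two circuits.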

In Veridise's audits, zero-knowledge technologies are frequently used in critical infrastructure protocols such as Layer 2 ZK-rollups, ZK-VMs, and circom libraries. The security of these protocols is critical as it affects all decentralized applications (DApps) built on top of them.

Veridise claims that more than $10 billion has been stolen in hacks of various blockchain and DeFi platforms since 2018, and that greater visibility into vulnerability types is necessary to help guide Web3 projects to focus on the most serious vulnerabilities and proactively prevent them.
