Blockchain security remains a pivotal concern for developers, with new insights emerging from recent audits conducted by Veridise, a prominent blockchain security firm. The firm’s latest findings underscore the critical issues present in zero-knowledge (ZK) projects, shedding light on the intricate landscape of blockchain technology and its associated risks.
Audit Findings and Statistics
Veridise analyzed 1,605 vulnerability findings from its last 100 audits, revealing an average of 16 issues per audit. Specifically, zero-knowledge (ZK) audits exhibited a higher frequency of vulnerabilities, averaging 18 issues per audit, with 55% of these audits containing at least one critical issue. In comparison, other blockchain audits showed a lower critical issue rate at 27.5%. The identified issues spanned smart contracts, wallet integrations, blockchain implementations, and relayers.
Zero-Knowledge Protocols: Potential and Challenges
Zero-knowledge protocols have garnered attention for their promise of enhanced privacy and scalability. These protocols enable one party to prove the truth of a statement to another party without revealing any additional information. While this approach offers several benefits, it also introduces complex cryptographic challenges, making security in ZK projects particularly intricate.
Jon Stephens, CEO and co-founder of Veridise, highlighted the complexities involved in developing a ZK circuit. He explained that creating a ZK circuit demands precise reasoning about the semantics of operations in the witness generator. Errors in encoding these semantics into constraints can lead to inevitable bugs, contributing to the critical vulnerabilities observed in ZK projects.
Common Vulnerabilities in DeFi Projects
Veridise’s audits also revealed that decentralized finance (DeFi) projects commonly suffer from vulnerabilities such as logic errors, maintainability issues, and data validation problems, which collectively account for 65% of all identified issues. These problems are more prevalent in ZK audits, where maintainability issues, including poor coding practices, may not be direct security vulnerabilities but can escalate into critical bugs if left unaddressed.
Implications for Blockchain Security
The findings from Veridise’s audits underscore the importance of rigorous security measures in blockchain development, especially in ZK projects. As zero-knowledge protocols continue to gain traction for their potential benefits, the need for precise and thorough security audits becomes increasingly critical. Developers must navigate the complex cryptographic challenges inherent in ZK technology to ensure robust and secure implementations.
Moving Forward
Veridise’s revelations highlight the evolving nature of blockchain technology and the ongoing need for vigilance in addressing security vulnerabilities. As the industry advances, the insights gained from these audits will be crucial in guiding future development and improving the overall security posture of blockchain projects. Through continuous auditing and the implementation of best practices, the blockchain community can better mitigate risks and foster a more secure ecosystem for decentralized applications.
More than 200 severe issues were discovered. Logic errors and data validation were the most common issues. Underconstrained circuit issues, Denial of Service (DoS) vulnerabilities and access control problems too were detected but in a less number.