ZK protocols are becoming popular because they improve the privacy and scalability of blockchain transactions. They allow one party to prove to another that a statement is true without revealing information.
In the last 100 audits, Veridise analyzed 1,605 vulnerabilities found. On average, the researchers found about 16 issues per audit, with the average for protocol audits using ZK being slightly higher at about 18 issues. 55% (11 out of 20) of ZK protocol audits contained a critical issue, compared to 27.5% (22 out of 80) for smart contract, wallet integration, blockchain implementation, and relay audits. The analysts attributed this to the complex cryptographic constructions of ZK protocols and their innovative nature.
According to Veridise, the most common vulnerabilities in the DeFi sector were logic errors (385), system recovery probability (355), and data validation (304), accounting for a total of 65% of all issues found in audits. These three issues also dominated the 360 ​​vulnerabilities found in the ZK audit.
Of the 223 critical vulnerabilities found, the most common were logical errors (91) and data validation issues (35), insufficient restrictions (19), denial of service (16) and access control issues (13). About 78% of the high-severity issues (174) across all tests were attributed to these five types of errors. Overall, critical errors account for between 10% and 30% of vulnerabilities, the analysts noted.
Veridise CEO and co-founder Jon Stephens explained that ZK protocols require precise semantics of operations to be developed. When these are not properly encoded in constraints, bugs arise. A large number of the bugs that have been identified arise because ZK is so different from the usual programming paradigm. He worries that attackers could create a proof that tricks a verifier into accepting a false statement as true, which would seriously undermine the integrity of the protocol.
Recall that last year, the OKX decentralized exchange was hacked, resulting in the platform losing more than $2.7 million due to a security breach in a smart contract. In March, the Curio crypto project lost $16 million. The reason was a critical vulnerability related to voting rights.
Source: Bits
I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.
