Audits of DeFi projects based on zero-knowledge (ZK) proof technology were twice as likely to identify critical errors as audits in general. This is reported by The Block with reference to the Veridise report.
The company's specialists analyzed 1,605 vulnerabilities identified during 100 audits. They found an average of 16 problems per audit, while the figure for ZK projects was slightly higher, at 18 errors.
However, 55% of the ZK audits (11 out of 20) contained critical vulnerabilities, compared with 27.5% (22 out of 80) of the remaining audits.
According to experts, the security of ZK solutions is "simply more complex" due to the complex cryptographic designs and the innovative nature of the protocols.
"The development of the ZK scheme requires an accurate justification of the semantics of operations in the witness generator. When these constructs are incorrectly encoded due to limitations, you get errors. It is logical that there are more of them in [these] schemes, since they are very different from the typical programming paradigm," explained John Stevens, co-founder and CEO of Veridise.
In general, the most common vulnerabilities discovered during audits were logical errors (385), maintainability (355) and data validation (304). These categories accounted for 65% of all identified problems.
Veridise noted that the lack of usability, strictly speaking, does not relate to security vulnerabilities. But bad code writing practices "are one step away from creating critical vulnerabilities," the team stressed.
For ZK protocols, "insufficiently limited contours" (under-constrained circuits) became a specific problem, which led to a serious error with a 90% probability.
"[...] when the limitations of the arithmetic scheme do not sufficiently provide all the necessary conditions to verify that some calculations were performed correctly. They are not found in traditional smart contracts," the firm noted.
This means that an attacker can create a proof that tricks the verifier into accepting a false statement as true, which will seriously undermine the integrity of the protocol.
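The failure mode described above can be shown with a toy "is zero" gadget. This is an added example, not code from the Veridise report: the field prime 97, the constraint functions and all names are assumptions chosen so the whole witness space can be enumerated.

```python
from itertools import product

P = 97  # constructed toy prime field, small enough to enumerate exhaustively

# A witness is (x, inv, out); the circuit is meant to output out = 1 iff x == 0.
# Each constraint must evaluate to 0 mod P for the verifier to accept.
def c_out(x, inv, out):
    return (out - (1 - x * inv)) % P      # out = 1 - x*inv

def c_zero(x, inv, out):
    return (x * out) % P                  # x*out = 0

UNDER_CONSTRAINED = [c_out]               # second constraint forgotten
FULLY_CONSTRAINED = [c_out, c_zero]

def accepts(constraints, witness):
    """True if every constraint vanishes on the witness."""
    return all(c(*witness) == 0 for c in constraints)

def honest_witness(x):
    """What a correct witness generator computes."""
    x %= P
    inv = pow(x, P - 2, P) if x else 0    # Fermat inverse; 0 when x == 0
    return (x, inv, (1 - x * inv) % P)

def ambiguous_inputs(constraints):
    """Inputs x for which more than one output value is accepted."""
    outs = {}
    for w in product(range(P), repeat=3):
        if accepts(constraints, w):
            outs.setdefault(w[0], set()).add(w[2])
    return sorted(x for x, s in outs.items() if len(s) > 1)

if __name__ == "__main__":
    false_claim = (5, 0, 1)               # asserts "5 is zero" (out = 1)
    print("under-constrained accepts false claim:",
          accepts(UNDER_CONSTRAINED, false_claim))
    print("fully constrained accepts false claim:",
          accepts(FULLY_CONSTRAINED, false_claim))
    print("ambiguous inputs, under:", len(ambiguous_inputs(UNDER_CONSTRAINED)))
    print("ambiguous inputs, full: ", len(ambiguous_inputs(FULLY_CONSTRAINED)))
```

The honest witness generator produces correct values in both cases; only the constraint set decides whether a dishonest witness is rejected, which is why the exhaustive uniqueness check is the useful audit signal here.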
Recall that ForkLog spoke about the development of ZK protocols in 2024 in an exclusive article.