CertiK identified two soundness bugs in zkWasm. The first one, found during Stage 1 manual review, was a missing constraint on a Load instruction from memory. The second one that was uncovered via formal verification in Stage 2, involved the Return instruction, which could enable unintended control flow by adding fake returns due to missing constraints. Both soundness vulnerabilities could allow malicious provers to generate invalid proofs to bypass verifier’s validity checks.
CertiK is a trusted audit partner for zero-knowledge protocol projects, backed by deep expertise in formal verification and applied cryptography. Our audit process combines rigorous manual code reviews by domain experts with custom formal verification to ensure both the correctness of the prover’s zero-knowledge proof generation and the integrity of the verifier's validation logic, as demonstrated in our work zkWasm. This hybrid approach allows us to uncover subtle soundness vulnerabilities and logic flaws that manual review alone often misses, providing a higher level of assurance for your zero-knowledge cryptographic systems.
Learn More From Our Resources
'%3e%3cpath%20d='M4.04962%205.39111H43.6092V41.4738H4.04962C2.58483%2041.4738%201.39111%2040.2853%201.39111%2038.8153V8.04962C1.39111%206.57962%202.58483%205.39111%204.04962%205.39111Z'%20stroke='%23414042'%20stroke-width='0.688083'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M43.6092%2035.5051H4.70121C2.87154%2035.5051%201.39111%2033.9257%201.39111%2031.9813'%20stroke='%23414042'%20stroke-width='0.688083'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4.97671%209.96794C5.75977%209.96794%206.39458%209.33314%206.39458%208.55007C6.39458%207.767%205.75977%207.1322%204.97671%207.1322C4.19364%207.1322%203.55884%207.767%203.55884%208.55007C3.55884%209.33314%204.19364%209.96794%204.97671%209.96794Z'%20fill='%23E5453D'/%3e%3cpath%20d='M9.35195%209.97319C10.135%209.97319%2010.7698%209.33839%2010.7698%208.55532C10.7698%207.77225%2010.135%207.13745%209.35195%207.13745C8.56888%207.13745%207.93408%207.77225%207.93408%208.55532C7.93408%209.33839%208.56888%209.97319%209.35195%209.97319Z'%20fill='%23E5453D'/%3e%3cpath%20d='M1.39111%2011.8392H43.6092'%20stroke='%23414042'%20stroke-width='0.688083'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M27.064%2028.9789L39.5746%2028.9789'%20stroke='%231A1B26'%20stroke-width='0.688083'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M21.3296%2023.2446H39.4543'%20stroke='%231A1B26'%20stroke-width='0.688083'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M21.3296%2017.5107H39.5742'%20stroke='%231A1B26'%20stroke-width='0.688083'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M12.5135%2022.9978C14.7462%2022.9978%2016.5603%2021.1837%2016.5603%2018.951C16.5603%2016.7184%2014.7462%2014.9043%2012.5135%2014.9043C10.2808%2014.9043%208.4668%2016.7184%208.4668%2018.951C8.4668%2021.1837%2010.2808%2022.9978%2012.5135%2022.9978Z'%20fill='%23E5453D'/%3e%3cpath%20d='M20.3699%2029.2523V31.0986C20.3699%2031.5387%2020.0157%2031.9036%2019.5648%2031.9036H5.97547C5.53537%2031.9036%205.17041%2031.5387%205.17041%2031.0986V29.2523C5.17041%2026.6654%207.27429%2024.5615%209.86121%2024.5615H15.6791C16.2051%2024.5615%2016.7096%2024.6474%2017.1819%2024.8191C17.1819%2024.8191%2017.1819%2024.8084%2017.1926%2024.8191C19.0389%2025.4417%2020.3699%2027.1914%2020.3699%2029.2523Z'%20fill='%23E5453D'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_34_1485'%3e%3crect%20width='43'%20height='36.8646'%20fill='white'%20transform='translate(1%205)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
