I use a lot of tools that are available for auditors formal verifiers aren't used very frequently because they require a little bit of expertise. So the most commonly what's used by I would say auditors now are in this particular domain are fuzzers and static analyzers. A fuzzer is going to randomly generate inputs to whatever your program is if it’s a smart contract it will randomly generate transactions and inputs to those transactions then feed them to your program. Fuzzers can find very interesting and deep logical violations or violations within your program which people don't usually think about but could happen in the wild.
This week Anna Rose chats with Jon Stephens, Computer Science Ph.D. student in the UToPiA group at UT Austin and co-founder of Veridise. Veridise is a blockchain auditing firm that audits smart contracts and ZK systems. They discuss what led Jon to work on system security, what tools are available to test the security of ZK systems and the process of performing formal verification on ZK systems. They also cover general ZK security, why this topic matters and ways we can incentivise ethical disclosures when bugs and vulnerabilities are found.
Additional reading for this week's episode;
- SmartPulse: Automated Checking of Temporal Properties in Smart Contracts by Stephens, Ferles, Mariano, Lahiri, and Dillig
- Certifying Zero-Knowledge Circuits with Refinement Types by J. Liu, Kretz, H. Liu, Tan, Wang, Sun, Pearson, Miltner, Dillig, and Feng
- Practical Security Analysis of Zero-Knowledge Proof Circuits by Wen, Stephens, Chen, Ferles, Pailoor, Charbonnet, Dillig and Feng
- Episode 67: Formal Verification with Martin Lundfall
- Episode 70: Digging into DAI with Rune Christensen from Maker
- Episode 255: Verifying Consensus On-Chain with Succinct
- Boogie: An Intermediate Verification Language
- Circom-lib
- How Coders Hacked Back to ‘Rescue’ $208 Million in Ethereum
zkSummit 10 is happening in London on September 20, 2023! Apply to attend now -> zkSummit 10 Application Form
Polygon 2.0 and all of our ZK tech is open-source and community-driven. Reach out to the Polygon community on Discord to learn more, contribute, or join in and build the future of Web3 together with Polygon!
Anoma’s first fractal instance, Namada, is launching soon!
The MASP circuit's latest update enables shielded set rewards directly in the shielded set, a novel feature that funds privacy as a public good.
Follow Namada on twitter @namada for more information and join the community on Discord discord.gg/namada.
If you like what we do: