Introducing bugs.zksecurity.xyz a knowledge base for ZK bugs
Written by Stefanos Chaliasos on

zkbugs website

We are excited to announce the launch of bugs.zksecurity.xyz, a website dedicated to documenting and analyzing past vulnerabilities in ZK circuits. This website serves as an open repository where developers, researchers, and security professionals can explore past security issues, reproduce known vulnerabilities, and contribute to improving this knowledge base.

On the website and the zkbugs repo, you will find:

  • A Catalog of ZK Bugs: A growing dataset of known vulnerabilities in ZK circuits, each documented with descriptions, root causes, and potential mitigations.
  • Bug Reproduction Reports: A collection of bugs we have successfully reproduced, with accompanying scripts.
  • Security Tools List: A list of available security tools for different ZK DSLs.
  • Tool Evaluations: Results from our assessments of different security tools against reproduced bugs, providing insights into their strengths and weaknesses.
  • Contribution Guidelines: Instructions on how you can participate in expanding the dataset, reproducing bugs, or improving the website.

Expanding the zkBugs Dataset

In our previous blog posts, we introduced the zkBugs repository – a comprehensive collection of known vulnerabilities in ZK circuits – and discussed the state of security tools for ZKPs. Today, we’re excited to share significant updates to the zkBugs dataset and our ongoing efforts to build a thorough and up-to-date knowledge base.

We have expanded the zkBugs dataset to include a total of 89 documented bugs, providing a broader spectrum of vulnerabilities for study and analysis. Out of these, we have successfully reproduced 22 vulnerabilities. Each reproduced bug is accompanied by comprehensive, end-to-end scripts that demonstrate the exploit.

Evaluating Security Tools

Further, we have evaluated two prominent tools – Circomspect and Picus – against the 22 reproduced bugs. The evaluation results are available in the zkBugs repository:

  • Circomspect: A static analysis tool designed to detect underconstrained vulnerabilities in Circom circuits. Our evaluation provides insights into its effectiveness and areas for improvement.
  • Picus: A formal verification tool that uses symbolic execution to identify potential flaws in Circom circuits. The assessment highlights its strengths in ensuring circuit correctness but also demonstrates potential scalability concerns.
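To make concrete what “underconstrained” means in the bullets above, here is a small added illustration (it is not code from the zkBugs repository or from either tool’s documentation, and the template names are made up for this post). It follows the well-known is-zero pattern: a helper signal is computed with the witness-only assignment operator `<--`, so the constraint system itself never checks how it relates to the input. In the first template, a witness can set `inv` to zero for a nonzero `in` and still satisfy every constraint with `out = 1`, i.e. the circuit accepts a false claim that `in` is zero. The second template adds the missing constraint `in * out === 0`, which rules that witness out. Patterns like an `<--` assignment whose signal is never constrained afterwards are exactly what the static and formal tools evaluated here are meant to surface, so this is a useful sanity check to run against a tool before trusting it on a larger circuit.

```circom
pragma circom 2.0.0;

// Added illustration (hypothetical template names), not code from zkBugs.
//
// Underconstrained variant: `inv` is only *assigned* via `<--`, which
// computes a witness value but adds no constraint. The only constraint on
// `out` is `out = 1 - in*inv`, so for in = 5 a witness with inv = 0 gives
// out = 1 and still satisfies the system, falsely asserting that in == 0.
template IsZeroUnderconstrained() {
    signal input in;
    signal output out;
    signal inv;

    inv <-- in != 0 ? 1 / in : 0;   // witness computation only, no constraint
    out <== -in * inv + 1;          // the single constraint on `out`
    // Missing: in * out === 0;
}

// Constrained variant: the extra quadratic constraint ties `out` to `in`.
// If in != 0 the honest witness has inv = 1/in and out = 0, so in*out = 0.
// If in == 0 then out = 1 and in*out = 0 as well. Any other witness
// (e.g. in = 5, inv = 0, out = 1) violates in*out === 0 and is rejected.
template IsZeroConstrained() {
    signal input in;
    signal output out;
    signal inv;

    inv <-- in != 0 ? 1 / in : 0;
    out <== -in * inv + 1;
    in * out === 0;                 // the constraint that was missing above
}

component main = IsZeroConstrained();
```

Swapping `main` to `IsZeroUnderconstrained()` and compiling both versions is a quick way to compare what a checker reports on each: a tool aimed at underconstrained circuits should distinguish the two, even though they compute identical honest witnesses.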

Future Directions

Our journey doesn’t end here. We plan to continue reproducing additional bugs and enriching the dataset with new findings. By expanding the repository, we aim to create a more comprehensive resource that reflects the evolving landscape of ZK vulnerabilities.

Call for Contributions

We believe that collaborative efforts are key to enhancing the security of ZK applications. We warmly welcome contributions from the community in various forms:

  • Adding New Bugs: If you’re aware of vulnerabilities not yet included in our dataset, please consider contributing by adding them.
  • Reproducing Bugs: Assist in reproducing documented bugs to provide deeper insights and validation.
  • Tool Evaluation Scripts: Develop scripts to evaluate additional tools against the vulnerabilities in our dataset.
  • Website Improvements: Enhance the functionality and user experience of our website to make information more accessible.
  • Issue Reporting: Open issues for bugs you’d like to see included or reproduced, or suggest improvements to our existing resources.

Your contributions are invaluable in building a robust knowledge base that benefits the entire community.

Looking Ahead

We envision the zkBugs repository as more than just a collection of vulnerabilities. Our goal is to establish a knowledge base that serves both educational and research purposes, helping individuals learn from past vulnerabilities and fostering advancements in the field. As the ZK ecosystem continues to grow, we aim to develop a community-driven advisory platform that will provide notifications for critical bugs in the most important projects and libraries of the space.

Stay tuned for more updates, and we look forward to your active participation.

Acknowledgements

This project has been partially funded by the EF with support from Aztec, Polygon, Scroll, Taiko, and zkSync.