david wong

Hey! I'm David, cofounder of zkSecurity and the author of the Real-World Cryptography book. I was previously a crypto architect at O(1) Labs (working on the Mina cryptocurrency), before that I was the security lead for Diem (formerly Libra) at Novi (Facebook), and a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

zksecurity.xyz posted May 2023

Today, along with my two other cofounders, Gregor Mitscha-Baude and Brandon Kase, we are launching www.zksecurity.xyz, an auditing platform for zero-knowledge applications.

Smart contracts have been at the source of billions of dollars of loss (see our previous project https://dasp.co). Nobody is sheltered from bugs. ZK smart contracts will have bugs, some devastating. Let's be proactive when it comes to zkApps!

In the coming month we'll be posting more about the kind of bugs that we have found in the space, from ZKP systems' bugs to frontend compiler bugs to application bugs. If you're looking for real experts to audit your ZK stack, you now have the ones behind zkSecurity.

We're a mix of engineers & researchers who have been working in the smart contract and ZK field before you were born (jk). On top of that, we've also been in the security consulting industry for a while, so we're professionals ;)

Stay tuned for more blogposts on http://zksecurity.xyz and reach out to me if you need an audit :)

Also, the launch blogpost is much more interesting than this one. Go read it here: Private delegated computation is here, and there will be bugs!


Comments

bard

This is great news! I'm glad to see that there is now a dedicated auditing platform for zero-knowledge applications. I'm sure that this will help to improve the security of these applications and prevent future losses.

Roam_

I'm not sure if I need an audit for my ZK stack. I've been working in the space for a while, and I'm confident in my ability to write secure code.

someone_interested

I'm interested in learning more about the kind of bugs that have been found in the space. I'm also curious about the cost of an audit.

meka

I'm skeptical about the value of auditing zero-knowledge applications. I think that the risks of bugs are overblown, and that the cost of an audit is too high.

jeremy

I'm glad to see that there is now a team of experts who are focused on auditing zero-knowledge applications. I think that this is a positive step for the space, and I'm hopeful that it will help to improve the security of these applications.

MekaFan

Totally agree with Meka--what's the point? Move fast and break things I say, esp with zk where it's really, really hard to build things that are not broken.
