github/zk-bug-tracker
1
1
Fork 0
mirror of https://github.com/0xPARC/zk-bug-tracker.git synced 2026-01-07 21:13:54 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add ZK Security Resources

Browse Source
This commit is contained in:
nullity00
2023-09-20 12:48:39 +05:30
parent 654983289d
commit 736130dcdb
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
README.md
View File

@@ -1360,5 +1360,10 @@ This repo was inspired by a few other github repos that also document common vul
# <a name="zk-security-resources-header">Zk Security Resources</a>
1. ["Security of ZKP projects: same but different"](https://www.aumasson.jp/data/talks/zksec_zk7.pdf) by JP Aumasson @ [Taurus](https://www.taurushq.com/). Great slides outlining the different types of zk security vulnerabilities along with examples.
2. [Circomspect](https://github.com/trailofbits/circomspect) by [TrailOfBits](https://www.trailofbits.com/). A static analyzer for circom code to help detect vulnerabilities. The TrailOfBits [introduction post](https://blog.trailofbits.com/2022/09/15/it-pays-to-be-circomspect/) for this tool is a great read.
2. [Security Reviews of ZK Protocols](https://github.com/nullity00/zk-security-reviews) - Consists of Security Reports of 20+ Protocols which use Zero Knowledge Proofs.
3. [Circomspect](https://github.com/trailofbits/circomspect) by [TrailOfBits](https://www.trailofbits.com/). A static analyzer for circom code to help detect vulnerabilities. The TrailOfBits [introduction post](https://blog.trailofbits.com/2022/09/15/it-pays-to-be-circomspect/) for this tool is a great read.
4. [Picus](https://github.com/Veridise/Picus) - A static analysis tool for ZKP circuits implemented in Circom (or anything that compiles to R1CS). [Lecture on Picus](https://www.youtube.com/watch?v=av7Wq742GIA) & formal verification by Yu Feng from MOOC 2023.
5. [Ecne](https://github.com/franklynwang/EcneProject) - Automated Verification of ZK Circuit, good for finding uniqueness/under-constraint bugs in circuit to QAP/R1CS conversion
6. [Coda](https://github.com/Veridise/Coda) is an Interactive Theorem prover.
7. [Korrekt](https://github.com/quantstamp/halo2-analyzer) is Quantstamp's proof of concept for checking correctness of Halo2 circuits as described in this [paper](https://ceur-ws.org/Vol-3429/paper3.pdf). Talks on linting Halo2 circuits at [ZKSummit9](https://www.youtube.com/watch?v=4KyjBlHBmI0) & [ETHDenver](https://www.youtube.com/watch?v=66gtzO-G1IA).
8. [ZK-EVM Audit education sessions](https://www.notion.so/zkEVM-Audit-Education-Session-11-15-11-22-86d60daceadb438f85908817f7082611) by Scroll & Polygon.