Audits
2024 zk-regex and ZKsync update by Matter Labs
Matter Labs audited our zk-regex rewrite and ZKsync Solidity contracts in October 2024. The audit report is available below.
The following commits contain all fixes addressing the audit findings:
- Fixes committed at 9ed376 for zk-email-verify
- Fixes committed at 7002a2 for zk-regex
- Fixes committed at 984b59 for ether-email-auth
- Fixes committed at c866ec for email-recovery
- Fixes committed at a60eb9 for clave-email-recovery
- Fixes committed at 0327db for ic-dns-oracle
2024 Ether Transaction Builder Audit by Zellic
We completed an audit with Zellic of our Ether Transaction Builder (previously known as Ether Email Auth) library in September 2024.
Fixes are merged on commit 38d9a4 on ether-email-auth.
2024 Account Recovery Smart Contract Audit by Ackee
We completed an audit of our smart contracts for Account Recovery in July 2024.
- Fixes committed at 482d295 on email-recovery.
2024 Audit by zksecurity
We completed a second audit in May 2024 of all of our ZK circuits, including our latest ZK regex rewrite. The audit deemed that EmailVerifier was safe, but people using sub-components in custom circuits may require extra changes and validations. We have fixed all of the high/medium issues, and you can see the full report here and use the fixed circuits via using version 6.1.1 from npm.
2023 Audit by Y Academy
We completed our first audit on the circom dependencies and helper templates in zk-email-verify. Below, you'll find a detailed PDF report of the findings. We've addressed each issue raised in the audit and have listed the corresponding PRs with each fix.