Audits
2024 zk-regex and ZKsync update by Matter Labs
The zk-regex rewrite and Solidity ZKsync deployments underwent an audit by Matter Labs in October 2024. You can view the full audit report here.
2024 Ether Email Auth Audit by Zellic
We completed an audit with Zellic of our Ether Email Auth library in September 2024.
Fixes are merged on commit 38d9a4 on ether-email-auth.
2024 Account Recovery Smart Contract Audit by Ackee
We completed an audit of our smart contracts for Account Recovery in July 2024.
Fixes committed at 482d295 on email-recovery.
2024 Audit by zksecurity
We completed a second audit in May 2024 of all of our ZK circuits, including our latest ZK regex rewrite. The audit deemed that EmailVerifier was safe, but people using sub-components in custom circuits may require extra changes and validations. We have fixed all of the high/medium issues, and you can see the full report here and use the fixed circuits via using version 6.1.1 from npm.
Fixes committed at 95cd90 for zk-email-verify
Fixes committed at 5396ec for zk-regex
2023 Audit by Y Academy
We completed our first audit on the circom dependencies and helper templates in zk-email-verify. Below, you'll find a detailed PDF report of the findings. We've addressed each issue raised in the audit and have listed the corresponding PRs with each fix.