Skip to main content

Audits

2024 zk-regex and ZKsync update by Matter Labs

Matter Labs audited our zk-regex rewrite and ZKsync Solidity contracts in October 2024. The audit report is available below.

The following commits contain all fixes addressing the audit findings:

  • Fixes committed at 9ed376 for zk-email-verify
  • Fixes committed at 7002a2 for zk-regex
  • Fixes committed at 984b59 for ether-email-auth
  • Fixes committed at c866ec for email-recovery
  • Fixes committed at a60eb9 for clave-email-recovery
  • Fixes committed at 0327db for ic-dns-oracle

2024 Ether Transaction Builder Audit by Zellic

We completed an audit with Zellic of our Ether Transaction Builder (previously known as Ether Email Auth) library in September 2024.

Fixes are merged on commit 38d9a4 on ether-email-auth.

2024 Account Recovery Smart Contract Audit by Ackee

We completed an audit of our smart contracts for Account Recovery in July 2024.

2024 Audit by zksecurity

We completed a second audit in May 2024 of all of our ZK circuits, including our latest ZK regex rewrite. The audit deemed that EmailVerifier was safe, but people using sub-components in custom circuits may require extra changes and validations. We have fixed all of the high/medium issues, and you can see the full report here and use the fixed circuits via using version 6.1.1 from npm.

  • Fixes committed at 95cd90 for zk-email-verify
  • Fixes committed at 5396ec for zk-regex

2023 Audit by Y Academy

We completed our first audit on the circom dependencies and helper templates in zk-email-verify. Below, you'll find a detailed PDF report of the findings. We've addressed each issue raised in the audit and have listed the corresponding PRs with each fix.

  • Missing constraint for illegal characters: PR#103
  • Incorrect use of division operation: PR#104
  • Missing range checks for output signals: PR#104
  • Missing constraints for a signal input: PR#104
  • Missing constraints for output signals: PR#104
  • Issue with value retrieval in the LongToShortNoEndCarry: PR#104