A curated list of awesome ZKP Security resources, papers, tutorials, and tools. Inspired by Awesome-Smart-Contract-Security.
If you want to add a new resource, please submit a pull request to improve this file. Thank you!
Curated Lists for ZKPs
- Xor0v0/awesome-zero-knowledge-proofs-security
- sCrypt-Inc: Awesome zero knowledge proofs
- matter-labs: Awesome zero knowledge proofs
- ventali/awesome-zk
- zkp.science
- Zero-Knowledge Proofs Starter Pack
- gakonst/awesome-starknet
- Zero Knowledge Canon by a16z
- ZKP Knowledge Base by Delendum Research
Courses
- Zero Knowledge Proofs MOOC
- MIT's Modern Zero Knowledge Cryptography
- 0xParc's Circom and Halo2 learning groups
Books
- The MoonMath Manual to zk-SNARKs: minimal experience in cryptography required
- A Graduate Course in Applied Cryptography (Dan Boneh and Victor Shoup, 2023)
- Proofs, Arguments, and Zero-Knowledge (Justin Thaler, 2022)
- Building Cryptography Proofs from Hash Functions (Alessandro Chiesa and Eylon Yogev, 2024)
- zkSecurity's Blog
- 0xParc's Blog
- Trail of Bits' Blog
- OZ's Security Insights Blog
- Veridise's Blog
- Zellic's Blog
- David Wong's Blog
Specific blog posts / Vulnerability Disclosures
- The State of Security Tools for ZKPs
- Detecting boomerang values in zero-knowledge circuits using tag analysis
- The zero-knowledge attack of the year might just have happened, or how Nova got broken
- Do in secret. Assert in public. Don't under-constrain your prover's witness computation in ZK programs
- Ecne: Automated Verification of ZK Circuits
- What Is a ZK Audit?
- ZK-SNARKS & The Last Challenge Attack: Mind Your Fiat-Shamir!
- The Frozen Heart vulnerability in PlonK
- The Frozen Heart vulnerability in Bulletproofs
- Coordinated disclosure of vulnerabilities affecting Girault, Bulletproofs, and PlonK
- It pays to be Circomspect
- Disarming Fiat-Shamir footguns
- Zcash Counterfeiting Vulnerability Successfully Remediated
- Security Vulnerabilities in ZK
- Circom-Pairing: A Million-Dollar ZK Bug Caught Early
- Developing securely on Aleo blockchain: Common Vulnerability Patterns
- Satisfiability Modulo Finite Fields: Unlocking SMT for ZK Verification
- ZK Vulnerabilities: Sharp rocks hidden in deep water
- Medjai: Protecting Cairo code from Bugs
- Patch Thursday — Uncovering a ZK-EVM Soundness Bug in zkSync Era
- Common Vulnerabilities in ZK Proof
- ChainLight saved zkSync Era from $1.9B exploit
- ZKPs for Engineers: A look at the Dark Forest ZKPs
- Facebook: Critical bugs in Facebook/Polygon Winterfell library
- Vulnerabilities patched in Aztec 2.0
- 00 PLONK Bug
- Aztec: Disclosure of recent vulnerabilities
- Tornado.cash got hacked. By us.
- Filecoin —one PoREP vulnerability found by Trapdoor Tech
- Formal Verification of ZK Constraint Systems
- Groth16 Malleability
- Collection of security reviews of ZK Protocols
- zksecurity audit reports
- openzeppelin audit reports
- veridise audit reports
- ZKP MOOC Lecture 15: Secure ZK Circuits with Formal Methods
- zkStudyClub: Zero-Knowledge Proofs Security, in Practice -- JP Aumasson, Taurus
- 0xParc: (Workshop) ZK Security Research
- Are Your Zero-Knowledge Proofs Correct? by Jon Stephens | Devcon Bogotá
- Shankara Pailoor - Picus: Push button zk circuit verification
- Introduction to ZK Security Research | David Theodore | PROGCRYPTO
- ZK7: Security of ZKP projects: same but different - JP Aumasson - Taurus
- ZK9: Fuzzy Knowledge Fuzzing SNARK circuit primitives – Innokentii Sennovskii (Aztec Network)
- ZK10: ZK Vulnerabilities and Attacks - Stefanos Chaliasos
- ZK11: Insights from and on Taxonomy of ZKP Vulnerabilities - Gyumin Roh
- ETH Seoul 2023: Opinionated Survey of ZKP Security by Gyumin Roh, KALOS/HAECHI LABS
- ZKProof 6: Exploiting a Vulnerable Implementation of the Fiat-Shamir Transform in a KZG-based SNARK
- ZKProof 6: Why Verifying the Verifier Opens Up Longer-Term ZK Innovation - Ben Livshits (Matter Labs)
- ZKProof 6: Practical Formal Verification for Arithmetic Circuits - Marcin Kostrzewa (Reilabs)
- ZKProof 6: SoK: Understanding Security Vulnerabilities in SNARKs - Stefanos Chaliasos (Imperial College London)
- ETHCC[7]: Analysis and Auditing of ZKP Vulnerabilities
- SoK: What don't we know? Understanding Security Vulnerabilities in SNARKs
- Zero-Knowledge Proof Vulnerability Analysis and Security Auditing
- The Ouroboros of ZK: Why Verifying the Verifier Unlocks Longer-Term ZK Innovation
- CLAP: a Semantic-Preserving Optimizing eDSL for Plonkish Proof Systems
- An SMT-LIB Theory of Finite Fields
- Weak Fiat-Shamir Attacks on Modern Proof Systems
- Practical Security Analysis of Zero-Knowledge Proof Circuits
- Automated Detection of Under-Constrained Circuits in Zero-Knowledge Proofs
- Certifying Zero-Knowledge Circuits with Refinement Types
- Bounded Verification for Finite-Field-Blasting (In a Compiler for Zero Knowledge Proofs)
- Automated Analysis of Halo2 Circuits
- Formal Verification of Zero-Knowledge Circuits
- SMT Solving over Finite Field Arithmetic
- Compositional Formal Verification of Zero-Knowledge Circuits
- Satisfiability Modulo Finite Fields
- Leo: A Programming Language for Formally Verified, Zero-Knowledge Applications
- SNARKProbe: An Automated Security Analysis Framework for zkSNARK Implementations
- Scalable Verification of Zero-Knowledge Protocols
- The Last Challenge Attack: Exploiting a Vulnerable Implementation of the Fiat-Shamir Transform in a KZG-based SNARK
- fAmulet: Finding Finalization Failure Bugs in Polygon zkRollup
- Fuzzing Processing Pipelines for Zero-Knowledge Circuits
If the link points to a paper then it means that the tool is not open-sourced.
Tool | Layer | DSL / Target | Analysis |
---|---|---|---|
Circomspect | Circuit | Circom | Static Analysis |
ZKAP | Circuit | Circom | Static Analysis |
halo2-analyzer | Circuit | halo2 | Static Analysis / Symbolic Analysis |
Coda | Circuit | Circom | Formal Verification (Coq) |
Picus | Circuit | Circom, GNARK (R1CS) | Formal Verification |
Ecne | Circuit | Circom (R1CS) | Formal Verification |
SNARKProbe | Circuit/Backend | R1CS | Fuzzing |
circom_civer | Circuit | Circom | Formal Verification |
gnark-lean-extractor | Circuit | Gnark | Formal Verification (Lean) |
fAmulet | Circuit/zk(E)VM | Polygon zkEVM | Fuzzing |
zkwasm-fv | Circuit/zk(E)VM | zkWasm | Formal Verification (Coq) |
MTZK | Frontend | ZoKrates, Noir, Cairo, Leo | Fuzzing (Metamorphing Testing) |
Circuzz | Frontend | Circom, Corset, GNARK, Noir | Fuzzing (Metamorphing Testing) |
aztec_fuzzing | Frontend | Noir | Fuzzing (Generation-based) |
sierra_analyzer | Circuit | Cairp | Static Analysis / Symbolic Execution |