ZK/SEC Quarterly

Back to all posts

Introducing bugs.zksecurity.xyz a knowledge base for ZK bugs

Stefanos Chaliasos February 17, 2025 3 min read

zkbugs website

We are excited to announce the launch of bugs.zksecurity.xyz, a website dedicated to documenting and analyzing past vulnerabilities in ZK circuits. This website serves as an open repository where developers, researchers, and security professionals can explore past security issues, reproduce known vulnerabilities, and contribute to improve this knowledgebase.

On the website and the zkbugs repo, you will find:

Expanding the zkBugs Dataset

In our previous blog posts, we introduced the zkBugs repository -- a comprehensive collection of known vulnerabilities in ZK circuits -- and discussed the state of security tools for ZKPs. Today, we're excited to share significant updates to the zkBugs dataset and our ongoing efforts to build a thorough and updated knowledge base.

We have expanded the zkBugs dataset to include a total of 89 documented bugs, providing a broader spectrum of vulnerabilities for study and analysis. Out of these, we have successfully reproduced 22 vulnerabilities. Each reproduced bug is accompanied by comprehensive, end-to-end scripts that demonstrate the exploit.

Evaluating Security Tools

Further, we have evaluated two prominent tools -- Circomspect and Picus -- against the 22 reproduced bugs. The evaluation results are available in the zkBugs repository:

Future Directions

Our journey doesn't end here. We plan to continue reproducing additional bugs and enriching the dataset with new findings. By expanding the repository, we aim to create a more comprehensive resource that reflects the evolving landscape of ZK vulnerabilities.

Call for Contributions

We believe that collaborative efforts are key to enhancing the security of ZK applications. We warmly welcome contributions from the community in various forms:

Your contributions are invaluable in building a robust knowledge base that benefits the entire community.

Looking Ahead

We envision the zkBugs repository as more than just a collection of vulnerabilities. Our goal is to establish a knowledge base that serves both educational and research purposes, helping individuals learn from past vulnerabilities and fostering advancements in the field. As the ZK ecosystem continues to grow, we aim to develop a community-driven advisory platform that will provide notifications for critical bugs in the most important projects and libraries of the space.

Stay tuned for more updates, and we look forward to your active participation.

Acknowledgements

This project has been partially funded by the EF with support from Aztec, Polygon, Scroll, Taiko, and zkSync.

zkSecurity offers auditing, research, and development services for cryptographic systems including zero-knowledge proofs, MPCs, FHE, and consensus protocols.

Learn more →

Share This Article

Latest Posts

Breaking Down Bulletproofs: No Pairings, No Trusted Setup

David Wong October 23, 2025

Learn how Bulletproofs enables efficient zero-knowledge proofs without trusted setups by computing inner products in a verifiable way. This post breaks down the core folding technique that reduces large vectors to single elements through recursive compression, making proofs both compact and fast to verify. Used in Monero, Mina's Kimchi, and Zcash's Halo 2, Bulletproofs is a practical alternative to pairing-based schemes.

Archetype x zkSecurity - Proof is in the Pudding: The Other Dark Forest (Offchain Public Keys)

ZK/SEC October 21, 2025

In Session 07 of "Proof is in the Pudding," we explore the other dark forest—the realm of offchain public keys. We dive into zkLogin, ZK Email, and ZKPassport, examining how these protocols handle authentication and privacy. We also discuss the issue of unlinkability in privacy protocols and why replacing traditional signature verifications with zero-knowledge proofs could unlock more interesting and powerful ZK products.

Archetype x zkSecurity - Proof in the Pudding: Introduction to Data Availability (Sampling)

ZK/SEC October 02, 2025

In the latest "Proof is in the Pudding" session, we team up with Archetype to break down the essentials of Data Availability Sampling. We dive into how rollups and Ethereum's DA system work, explore the role of DA chains, and touch on the basics of verifiable sharding. This introduction is perfect for anyone curious about the foundations of data availability sampling and how these concepts are playing out in the blockchain world.

Recommended Reading

Reproducing and Exploiting ZK Circuit Vulnerabilities

Stefanos Chaliasos, Chenyang Yu August 09, 2024

Check out our latest blog post where we dive into the world of Zero-Knowledge Proof (ZKP) vulnerabilities, sharing our insights from replicating known ZK circuit weaknesses. We’ve launched a GitHub repo with detailed scripts to help you understand, reproduce, and learn from these vulnerabilities. Discover how this hands-on approach aids in grasping attack vectors, testing fixes, and enriching educational resources. Whether you're a researcher or a developer, this post is packed with info to enhance your knowledge and skills in ZKP security. Plus, find out how you can contribute to expanding this invaluable resource!

zkSecurity took part in judging the latest zkHack Montreal

ZK/SEC September 02, 2024

We recently had the thrill of judging the latest zkHack competition in Montreal, where developers, researchers, and enthusiasts dove into the world of zero-knowledge proofs and privacy tech. The projects were incredibly innovative, featuring creative applications like ZK breathalyzers and ZK & GPS solutions. Check out the exciting results and insights from this year's event—you won't want to miss what these brilliant minds are bringing to the table!

Public report of Sui's zkLogin audit

ZK/SEC November 07, 2023

We just finished an audit of the Sui Foundation's zkLogin application and we're sharing what we found: the code is well-documented, tested, and specified. The zkLogin is set to make user authentication on the blockchain secure but simple, replacing cryptographic keys with familiar SSO methods like Google or Facebook while preserving user privacy. We also dive into the technical details behind JWT verification, non-native arithmetic for RSA, and vector programming. Plus, learn about the trusted setup process for zkLogin, ensuring maximum security through a decentralized multi-party ceremony. If you're curious about the intricate mechanics behind zkLogin, this is a must-read.

More to Explore

Uncovering the Phantom Challenge Soundness Bug in Solana's ZK ElGamal Proof Program

Suneal Gong June 26, 2025

In June 2025, we uncovered a serious soundness issue in Solana's ZK ElGamal Proof Program that could let attackers manipulate confidential token transfers undetected. We worked with the Anza team to quickly address the flaw by pausing and disabling vulnerable components. This post dives into the root cause, which was a subtle mistake in handling prover-generated challenges within sigma OR proofs, revealing broader lessons in zero-knowledge protocol security. If you're interested in cryptographic protocol design, this could provide valuable insights.

zkSecurity x Bain Capital (Whiteboard Session): Unveiling the Power of Multi-Party Computation

ZK/SEC June 04, 2024

We're thrilled to share that we're featured in Bain Capital Crypto's Whiteboards series! In the first episode, David and Guillermo Angeris dive deep into the intriguing world of Multi-Party Computation (MPC). Join them as they break down complex concepts like additively-shared secrets and Shamir Secret Sharing, making the cutting-edge tech behind MPC accessible and engaging. Check out the full episode for some engaging insights and reach out to us if you're looking for MPC stack auditors!

zkHack x zkSecurity (Whiteboard Session) - What is Zero-Knowledge (like, actually)?

ZK/SEC October 04, 2024

We're excited to join zkHack's new season of whiteboard sessions, where you'll dive into the real meaning of "Zero Knowledge" with Nicolas Mohnblatt and David Wong. Discover when true zero-knowledge is at play, explore the differences between honest and dishonest verifiers, and understand why adaptive models are preferred. We'll unpack methods for generating hiding commitments and give you a comprehensive overview of the zero-knowledge aspects of PLONK. Don't miss out on this opportunity to expand your understanding of ZK and its various applications!
View all articles