- Worldcoin has published two security audit reports that cover areas like key encryption, vulnerabilities, and data privacy.
- The three-month-long security audits were performed by audit firms Nethermind and Least Authority.
- The audits revealed 29 issues, which were subsequently resolved by the blockchain protocol.
- The audit reports were published just hours after France’s privacy watchdog launched a probe into Worldcoin.
Worldcoin, the ambitious crypto project recently launched by ChatGPT founder Sam Altman, has published security audit reports amid mounting concerns regarding its privacy and safety. The audit reports came just hours after France’s top privacy watchdog stated that it was investigating the blockchain protocol.
Auditors Find 29 Security Issues In Worldcoin
According to a blog post by Worldcoin, two separate audit firms were tapped to carry out separate suits that lasted three months. During the audit, audit firms Nethermind and Least Authority focused on several key areas, including the correctness of the implementation, appropriate use of smart contract constructs, adversarial actions, exposure of critical information during user interaction, etc.
The audit firms also scanned the blockchain protocol for case-specific implementation errors, resistance to attacks like DDoS, vulnerabilities in the codebase, etc. From a privacy and security point of view, the audit also covered areas like secure key storage, proper management of encryption and signing keys, data privacy, information integrity, etc.
Nethermind’s audit focused on Worldcoin’s smart contracts, including the World ID contracts, World ID example airdrops, the WLD ERC-20 token contract, and the associated vesting wallet, etc. The firm found 26 issues during the assessment, 2 of which were critical and 2 were medium issues. The protocol has resolved 24 issues and mitigated one so far.
Least Authority’s audit took a closer look at Worldcoin’s use of cryptography, particularly the cryptographic design and implementation. The audit firm identified three issues, all of which were solved. According to Least Authority, the cryptographic component was generally well-designed and implemented.
Worldcoin’s audit reports came amid mounting concerns regarding the protocol’s privacy and safety. Reuters reported earlier today that France’s privacy watchdog CNIL launched an investigation into the blockchain protocol’s operations, particularly the collection of biometric data. Questioning the legality of extracting and storing the public’s biometric data, the CNIL joined hands with the Bavarian state authority in Germany to conduct the investigation.