Worldcoin protocol security audit reports

Worldcoin is a blockchain-based protocol that consists of both off-chain and onchain components and is based on Semaphore from the Ethereum PSE group. The protocol’s implementation, including its use of cryptographic constructs and smart contracts, is documented in the Worldcoin whitepaper. 

Beginning in April 2023, audit firms Nethermind and Least Authority conducted two separate security audits of the Worldcoin protocol. Specifically, the audits covered the following areas: 

• Correctness of the implementation, including cryptographic constructions and primitives and appropriate use of smart contract constructs
• Common and case-specific implementation errors
• Adversarial actions and other attacks on the code
• Secure key storage and proper management of encryption and signing keys
• Exposure of any critical information during user interactions
• Resistance to DDoS (distributed denial of service) and similar attacks
• Vulnerabilities in the code leading to adversarial actions and other attacks
• Protection against malicious attacks and other methods of exploitation
• Performance problems or other potential impacts on performance
• Data privacy, data leaking and information integrity
• Inappropriate permissions, privilege escalation and excess authority

Nethermind focused on an audit of the protocol’s smart contracts, which include the World ID contracts, the World ID state bridge, the World ID example airdrop contracts, the Worldcoin tokens (WLD) grants contracts, along with the WLD ERC-20 token contract and its associated vesting wallet. Of the 26 items surfaced during this security assessment, 92.6% (24) were identified as fixed after the verification stage, while one was mitigated and the remaining one was acknowledged.

Least Authority’s focus was on the protocol’s use of cryptography, including its use of the Semaphore protocol as well as the enhancements made to scale the protocol in a more gas efficient manner. These include the protocol’s cryptographic design and implementation, the Rust implementation of the semaphore protocol and the Go implementation of the Semaphore Merkle Tree Batcher (SMTB). The team identified three issues and offered six suggestions, all of which have either been resolved or have planned resolutions.

“We found that the cryptographic component of the Worldcoin Protocol is generally well-designed and implemented.” - Least Authority report

Both companies' audits were extremely thorough. In some cases, items identified were due to the protocol’s dependencies on Semaphore and Ethereum, such as elliptic curve precompile support or Poseidon hash function configuration. 

Details of both audits can be found in the Nethermind and Least Authority reports.

Worldcoin seeks a proof of personhood that is decentralized, privacy preserving, open-source and accessible to everyone. To learn more about the project, read the Worldcoin whitepaper and related documents.