The Worldcoin Protocol is subjected to thorough security audits.

Worldcoin recently underwent two distinct security audits. Worldcoin is a blockchain-based system that combines off-chain and on-chain components. Sam Altman of OpenAI co-founded it. Beginning in April 2023, the audits were carried out by two respected auditing organisations, Nethermind and Least Authority. The Worldcoin whitepaper goes into detail about how the protocol is implemented, including how it makes use of smart contracts and cryptographic tools.

On July 25, 2023, Worldcoin officially began trading, and the WLD token was listed on well-known cryptocurrency exchanges like Binance and Okex. However, the launch met swift backlash. Worldcoin’s legitimacy was contested by the CNIL, France’s data protection authority. The UK’s Information Commissioner’s Office (ICO) considered conducting an investigation, as the project may have violated the nation’s data protection regulations.

The audits covered a wide range of topics, including the correctness of the implementation, potential implementation errors, adversarial actions, secure key storage, resistance to DDoS attacks, code vulnerabilities, protection against malicious attacks, performance issues, data privacy, and inappropriate permissions.

In particular, Nethermind concentrated on the protocol’s smart contracts, which included the World ID contracts, the World ID state bridge, the World ID sample airdrop contracts, the Worldcoin tokens (WLD) grants contracts, and the WLD ERC-20 token contract and its related vesting wallet. Of the 26 issues detected in the security assessment, 24 (92.6%) were repaired during the verification stage, one was mitigated, and the final one was acknowledged.

In contrast, Least Authority focused on the protocol’s use of cryptography, especially its usage of the Semaphore protocol and the improvements made to scale the protocol in a more gas-efficient way.

Its scope included the design and implementation of the protocol’s cryptography, the Semaphore protocol’s implementation in Rust, and the Semaphore Merkle Tree Batcher (SMTB) implementation in Go. The team reported three issues and made six suggestions, all of which have either been fixed or have fixes planned.

Least Authority wrote in their assessment, “We found that the cryptographic component of the Worldcoin Protocol is generally well-designed and implemented.”

Several of the items discovered during the audits stem from the protocol’s reliance on Semaphore and Ethereum, including elliptic curve precompile support and Poseidon hash function setup.

Worldcoin intends to create a decentralised, private, open-source, and universally usable proof of personhood system. The Worldcoin whitepaper and supporting documents are available for study if you want to learn more about the project.