Security Auditing for Midnight Network

Expert knowledge for auditing Midnight Network contracts and privacy-preserving applications.

Security Priorities

• Privacy Protection - Ensure sensitive data stays private

• Cryptographic Integrity - Verify commitments, nullifiers, proofs

• Access Control - Validate authorization patterns

• Input Validation - Check all assertions and bounds

• State Safety - Prevent manipulation and reentrancy

Severity Classification

Level Icon Description Examples

Critical 🔴 Funds at risk, privacy broken Witness exposure, key leak

High 🟠 Significant leak or bypass Predictable nullifier

Medium 🟡 Logic errors, incomplete checks Missing validation

Low 🟢 Best practice violations Poor error messages

Info ℹ️ Improvement suggestions Code clarity

Quick Checklist

Compact Contracts

• All assertions have descriptive messages

• Sensitive data uses witness or secret

• No plaintext secrets in ledger

• Commitments use salt (hash2)

• Nullifiers include secret context

• Range checks before arithmetic

• Access control where needed

TypeScript dApps

• Wallet availability checked

• Transactions properly confirmed

• No secrets logged or exposed

• Private state encrypted

• Error boundaries in place

• HTTPS enforced

References

• references/vulnerabilities.md - Common vulnerability patterns

Assets

• assets/audit-report.md - Audit report template