Circomspect
Static analyzer for Circom syntax and safety
Intro
"In October 2019, a security researcher found a devastating vulnerability in Tornado.cash, a decentralized, non-custodial mixer on the Ethereum network... because of an issue in one of the ZKPs, anyone could forge a proof of deposit and withdraw funds from the system... This bug would have been caught using Circomspect, a new static analyzer for ZKPs."
This excerpt is taken from It Pays to be Circomspect by the tool's creators. Read more about the bug and how Circomspect addresses it in the blog post.
Static Analysis Capabilities
This information is lifted word-for-word from the Circomspect rust crate. As time progresses, Trail of Bits (Circomspect creator) plans to add more checks to the static analysis.
Warning Messages
Informational Messages
Links
Last updated