Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • TRADE
Crypto Flexs
Home»HACKING NEWS»Wormhole Worldcoin World ID State Root Bridge
HACKING NEWS

Wormhole Worldcoin World ID State Root Bridge

By Crypto FlexsNovember 26, 20243 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Wormhole Worldcoin World ID State Root Bridge
Share
Facebook Twitter LinkedIn Pinterest Email

The Wormhole Worldcoin World ID State Root Bridge protocol makes it possible to bridge the Worldcoin World ID state root from Ethereum to Solana. Worldcoin World ID utilizes: semaphoreThere is a single set containing the public key (or identity promise) for each verified user. Promises for this set are replicated to another blockchain, in this case Solana, where the new Merkle root is stored, allowing verified users to prove their identity.

Wormhole partnered with Ackee Blockchain Security to conduct a security review of the Wormhole Worldcoin World ID State Root Bridge protocol over a total of 11 engineering days from September 6 to September 27, 2024.

methodology

The audit began with understanding the high-level goals of the project, followed by a deeper analysis of the logic of the program. In the early stages we implemented fuzz testing, which was particularly helpful for two reasons. The goal was to increase understanding of the core concepts of the project and to start fuzzing as soon as possible to increase the likelihood of bug identification. For fuzzing we use trident. reference pull request With complete fuzz test code.

In the later stages of the audit, we focused on a manual review of the project, paying special attention to:

  • Ensure that preemption is not possible during the initialization process (e.g. configuration initialization).
  • Ensures that all configuration-related commands can only be executed by the relevant permissions.
  • Ensures correct deserialization and serialization of command input.
  • It ensures that reinitialization or denial of service is impossible while Guardian signatures are published to the Solana blockchain.
  • Ensures that there is no possibility of spoofing Guardian Signatures and Guardian Set accounts when publishing new state roots on the Ethereum blockchain.
  • It ensures that all published guardian signatures are verified sequentially and that signatures are not posted multiple times to artificially achieve quorum.
  • Ensure that personal identity verification processes are implemented correctly and that there are no sensitive data leaks.

range

An audit has been performed on the commit. 70f034 and a6f479 The respective ranges are as follows:

Findings

The audit results are as follows:

critical severity

No critical severity issues were found.

Severity High

H1: The latest available root may be inactive and potentially undesirably removed.

medium severity

M1: Arithmetic overflow may occur during route is_active check
M2: Missing mut forcing

low severity

No low-severity issues were found.

warning severity

W1: Reinitializable

Information Severity

I1: Signature malleability due to accommodating high and low order S values

conclusion

The review resulted in five findings ranging from information to high severity. The most severe result, H1, indicates a possible denial of service during identity verification. In Ethereum, if there is a relatively large gap (compared to root_expiry) between newly submitted root hashes, two undesirable scenarios can occur:

Ackee Blockchain Security recommends Wormhole.

  • Always ensure that there is at least one active root available for verification and avoid the possibility of all roots being removed.
  • Ensure that off-chain components function properly and adhere to best security practices.
  • Ensure that Guardian Set accounts stored on chain are well protected and that there is no possibility for an attacker to tamper with these accounts.
  • Do not use unchecked arithmetic. Although the likelihood of exploiting unchecked arithmetic in an unintended way may be low, the potential problem still exists and can have catastrophic consequences.

Ackee Blockchain Security’s full Wormhole audit report, which includes a detailed description of all findings and recommendations, can be found here.

We were delighted to appreciate Wormhole and look forward to working with them again.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

FTT increases by 7% as the backpack starts the platform to help victims clear liquidation.

July 21, 2025

AAVE gains strength as AAVE dominates defect loans with net deposits of $ 50B or more.

July 19, 2025

Summary of the Router Router

July 17, 2025
Add A Comment

Comments are closed.

Recent Posts

KAITO unveils Capital Launchpad, a Web3 crowdfunding platform that will be released later this week.

July 22, 2025

CARV Advances AI Beings Roadmap With Hackathon And 12+ Ecosystem Partnerships

July 22, 2025

POLYMARKET will re -enter the United States after the acquisition of QCEX $ 112 million.

July 22, 2025

FTT increases by 7% as the backpack starts the platform to help victims clear liquidation.

July 21, 2025

Monarq Asset Management Appoints Sam Gaer As CIO To Lead Directional Strategy

July 21, 2025

Little PEPE surpasses $ 4 million in pre -sales, emerging as one of the main memes in 2025.

July 21, 2025

Bitcoin Price $ 123K Explosion -Trader Brace for Brake Out

July 20, 2025

Ether Lee Rium breaks $ 3K with 7,200% of the virus L2 coin eyes.

July 20, 2025

XRP Breaks Through $3.5! DL Mining Launches AI Cloud Mining Contracts, Earning Steady Profits Every Day

July 20, 2025

AAVE gains strength as AAVE dominates defect loans with net deposits of $ 50B or more.

July 19, 2025

As XRP Surges, DLMining Platform Opens New High-yield Cloud Mining Opportunities For Holders

July 19, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

KAITO unveils Capital Launchpad, a Web3 crowdfunding platform that will be released later this week.

July 22, 2025

CARV Advances AI Beings Roadmap With Hackathon And 12+ Ecosystem Partnerships

July 22, 2025

POLYMARKET will re -enter the United States after the acquisition of QCEX $ 112 million.

July 22, 2025
Most Popular

The Senate Bank Commission votes in the ‘Genius’ Starble Leco -in bill this week

March 11, 2025

As Binance dumps $ 32m, Solana is a 10% crash -classic market flush?

February 2, 2025

Top Trader Says Dogecoin (DOGE) Flashing Bullish Signals, Updates Outlook on AI-Related Altcoins

March 4, 2024
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.