AgentSkillsCN

compact-reviewer:security-review

Use this skill when reviewing Compact contracts for security vulnerabilities, privacy leaks, information-disclosure violations, access control issues, or ZK-specific attack vectors.

SKILL.md
---
name: compact-reviewer:security-review
description: Use when reviewing Compact contracts for security vulnerabilities, privacy leaks, disclosure violations, access control issues, or ZK-specific attack vectors.
---

Security Review Skill

Comprehensive security analysis for Compact smart contracts on the Midnight Network.

When to Use

This skill activates for queries about:

  • Security vulnerabilities in Compact contracts
  • Privacy and disclosure issues
  • Access control verification
  • ZK-specific attack patterns
  • Audit and security review

Trigger words: security, vulnerability, audit, disclosure, access control, privacy leak, attack vector

Quick Reference

Security Checklist

| Category | Check | Severity if Failed |
|---|---|---|
| Access Control | Exported circuits verify caller authorization | 🔴 Critical |
| Disclosure | All public outputs use disclose() | 🔴 Critical |
| Input Validation | All witness inputs validated/bounded | 🔴 Critical |
| State Protection | Ledger writes have authorization checks | 🟠 High |
| ZK Attacks | Low-entropy witnesses not used in hashes | 🔴 Critical |
| Timing | No witness-dependent control flow | 🟠 High |

Common Vulnerabilities

```compact
// ❌ Missing access control
export circuit withdraw(amount: Uint<64>): [] {
    balance.decrement(amount);  // Anyone can call!
}

// ✅ With access control: the caller proves knowledge of a secret
// whose hash matches the owner hash stored in the ledger
witness get_caller_secret(): Bytes<32>;

export circuit withdraw(amount: Uint<64>): [] {
    const caller = get_caller_secret();
    assert hash(caller) == owner_hash.read();
    balance.decrement(amount);
}
```

```compact
// ❌ Disclosure violation: ledger state leaves the circuit without an
// explicit disclose(), so the compiler cannot tell it was meant to be public
export circuit get_balance(): Uint<64> {
    return balance.read();  // Missing disclose!
}

// ✅ Explicit disclosure
export circuit get_balance(): Uint<64> {
    return disclose(balance.read());
}
```

ZK Attack Vectors

| ID | Attack | Risk | Detection |
|---|---|---|---|
| AV-03 | Nullifier Linkability | 🔴 Critical | Low-entropy input to persistentHash() |
| AV-06 | Witness Entropy Exhaustion | 🔴 Critical | Bounded witness types (Uint<8>, enums) |
| AV-01 | Implicit Taint Leakage | 🟠 High | Witness-dependent control flow |
| AV-08 | Circuit Under-Constraint | 🔴 Critical | Missing assertions on witness ranges |
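
The two critical rows AV-03 and AV-06 share one root cause: a preimage space small enough to enumerate. The following is an added example written for this page (Python, not Compact and not Midnight code) that makes the attack concrete. It inverts a nullifier computed over a Uint<8> witness by trying all 256 values, shows that equal witnesses produce equal (linkable) nullifiers, and then shows the hardened form in which a 32-byte private witness is mixed in. SHA-256 stands in for persistentHash(), and every function and variable name below is this example's own.

```python
"""Why AV-03 (nullifier linkability) and AV-06 (witness entropy exhaustion)
are rated critical: a nullifier computed over a low-entropy witness is
inverted by plain enumeration, and equal witnesses give equal nullifiers.

Constructed example, not Midnight or Compact code. SHA-256 stands in for
Compact's persistentHash(); the attack depends only on the size of the
preimage space, not on which hash is used.
"""
import hashlib
import secrets
from typing import Optional


def persistent_hash(*parts: bytes) -> bytes:
    """Stand-in for persistentHash(): hash over the concatenated encodings."""
    return hashlib.sha256(b"".join(parts)).digest()


def uint(value: int, bits: int) -> bytes:
    """Fixed-width big-endian encoding of a Uint<bits> witness value."""
    if not 0 <= value < 2 ** bits:
        raise ValueError(f"{value} does not fit in Uint<{bits}>")
    return value.to_bytes((bits + 7) // 8, "big")


# --- vulnerable: nullifier = persistentHash(choice) with choice: Uint<8> ---

def weak_nullifier(choice: int, bits: int = 8) -> bytes:
    """The only input is a witness with 2**bits possible values."""
    return persistent_hash(uint(choice, bits))


def invert_weak_nullifier(nullifier: bytes, bits: int = 8) -> Optional[int]:
    """Attacker view: enumerate every Uint<bits> value until the public
    nullifier matches. At most 2**bits hash evaluations."""
    for candidate in range(2 ** bits):
        if weak_nullifier(candidate, bits) == nullifier:
            return candidate
    return None


# --- hardened: nullifier = persistentHash(secret_key, choice), secret_key: Bytes<32> ---

def strong_nullifier(secret_key: bytes, choice: int, bits: int = 8) -> bytes:
    """A 256-bit private witness is mixed in, so the preimage space is
    2**(256 + bits) and two users with the same choice get different nullifiers."""
    if len(secret_key) != 32:
        raise ValueError("secret_key must be Bytes<32>")
    return persistent_hash(secret_key, uint(choice, bits))


def invert_strong_nullifier(nullifier: bytes, bits: int = 8,
                            budget: int = 2 ** 16) -> Optional[int]:
    """Same enumeration with `budget` hash evaluations, now also having to
    guess the key. Returns None: the attacker cannot recover the choice."""
    guesses_per_choice = max(1, budget // 2 ** bits)
    for candidate in range(2 ** bits):
        for _ in range(guesses_per_choice):
            if persistent_hash(secrets.token_bytes(32), uint(candidate, bits)) == nullifier:
                return candidate
    return None


def linkable(nullifier_a: bytes, nullifier_b: bytes) -> bool:
    """Two transactions are linkable when their public nullifiers coincide."""
    return nullifier_a == nullifier_b


if __name__ == "__main__":
    alice_key, bob_key = secrets.token_bytes(32), secrets.token_bytes(32)
    print("weak nullifier inverted to:", invert_weak_nullifier(weak_nullifier(3)))
    print("equal choices linkable (weak):", linkable(weak_nullifier(3), weak_nullifier(3)))
    print("strong nullifier inverted to:", invert_strong_nullifier(strong_nullifier(alice_key, 3)))
    print("equal choices linkable (strong):",
          linkable(strong_nullifier(alice_key, 3), strong_nullifier(bob_key, 3)))
```

The hardened form is what the checklist row "Low-entropy witnesses not used in hashes" is asking for: a range assertion on the Uint<8> does nothing against enumeration; the hash input must also include a high-entropy witness the attacker does not know.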

Review Process

1. Access Control Verification

For each export circuit:

  1. Identify who should be authorized to call it
  2. Verify authorization check exists (witness + assertion)
  3. Check authorization uses proper cryptographic verification
```compact
// Pattern: Authorization check
witness get_admin_key(): Bytes<32>;

export circuit admin_action(): [] {
    const admin = get_admin_key();
    assert hash(admin) == admin_hash.read();  // ✓ Crypto verification
    // ... perform action
}
```

2. Disclosure Analysis

For each value returned from a circuit:

  1. Trace value origin (ledger, witness, computation)
  2. Verify disclose() is used for public outputs
  3. Check for implicit disclosure via ledger writes
```compact
// Must use disclose() for:
// - Return values from export circuits
// - Values derived from witnesses that become public
// - Ledger state that should be visible
```

3. Input Validation

For each witness function:

  1. Check type bounds (Uint<N> has 2^N values)
  2. Verify assertions bound the valid range
  3. Look for missing null/empty checks
```compact
// ❌ Witness used without a range assertion
witness get_choice(): Uint<8>;  // 256 possible values, only 5 are valid

export circuit vote(): [] {
    const choice = get_choice();
    voteTally[choice].increment(1);  // No bounds check!
}

// ✅ Bounded witness
export circuit vote(): [] {
    const choice = get_choice();
    assert choice < 5;  // Only 5 valid choices
    voteTally[choice].increment(1);
}
```

4. ZK-Specific Checks

Run through attack vector checklist:

| Check | Look For | If Found |
|---|---|---|
| AV-01 | `if` on a witness-derived value, or a witness used as a loop bound | Flag timing leak |
| AV-03 | persistentHash(low_entropy) | Flag nullifier linkability |
| AV-06 | Uint<1-16> witnesses in security-critical paths | Flag brute-force risk |
| AV-08 | Witness used without range assertion | Flag under-constraint |
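
The four review steps above can be run mechanically as a first pass before the manual review. The following is an added example (Python; not part of this skill and not a Midnight tool): a heuristic linter that tracks which variables are bound from witness calls, carries the witness's declared type along, and emits the checklist's finding codes. It uses regular expressions and brace matching instead of a Compact parser, so every finding is a prompt for manual review rather than a verdict; the circuit and witness names in `SAMPLE` are constructed from this page's own snippets.

```python
"""Heuristic first-pass reviewer for the Compact security checklist.

Constructed example; not part of this skill or of the Midnight toolchain.
Regexes and brace matching stand in for a real parser, so findings are
prompts for manual review. SAMPLE is built from this page's snippets.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Tuple

WITNESS_DECL = re.compile(r"witness\s+(\w+)\s*\([^)]*\)\s*:\s*([^;]+);")
CIRCUIT_HEAD = re.compile(r"export\s+circuit\s+(\w+)\s*\([^)]*\)\s*:\s*([^{]+)\{")
BINDING = re.compile(r"const\s+(\w+)\s*=\s*(\w+)\s*\(")
LEDGER_WRITE = re.compile(r"\.(increment|decrement|write|insert|remove|reset)\s*\(")
LOW_ENTROPY = re.compile(r"^(?:Uint<(\d+)>|Boolean)$")


@dataclass(frozen=True)
class Finding:
    circuit: str
    code: str
    severity: str
    message: str


def low_entropy(typ: str) -> bool:
    """Uint<1..16> and Boolean: small enough to enumerate (AV-06)."""
    m = LOW_ENTROPY.match(typ.strip())
    return bool(m) and (m.group(1) is None or int(m.group(1)) <= 16)


def circuits(src: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (name, return type, body) per exported circuit by brace matching."""
    for head in CIRCUIT_HEAD.finditer(src):
        depth, i = 1, head.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield head.group(1), head.group(2).strip(), src[head.end():i - 1]


def review(src: str) -> List[Finding]:
    witness_types: Dict[str, str] = {n: t.strip() for n, t in WITNESS_DECL.findall(src)}
    findings: List[Finding] = []
    for name, _ret, body in circuits(src):
        body = re.sub(r"//[^\n]*", "", body)  # drop comments before matching
        # variables bound from a witness call inherit the witness's declared type
        tainted = {v: witness_types[fn] for v, fn in BINDING.findall(body) if fn in witness_types}
        asserts = [line for line in body.splitlines() if "assert" in line]

        def in_assert(var: str, needle: str = "") -> bool:
            return any(re.search(rf"\b{var}\b", l) and needle in l for l in asserts)

        if LEDGER_WRITE.search(body) and not asserts:
            findings.append(Finding(name, "ACCESS", "Critical",
                                    "ledger is mutated but no assert guards the circuit"))
        for expr in re.findall(r"\breturn\s+([^;]+);", body):
            if not expr.strip().startswith("disclose("):
                findings.append(Finding(name, "DISCLOSE", "Critical",
                                        f"return value `{expr.strip()}` is not wrapped in disclose()"))
        for var, typ in tainted.items():
            if low_entropy(typ) and re.search(rf"persistentHash\s*\(\s*{var}\b", body):
                findings.append(Finding(name, "AV-03", "Critical",
                                        f"persistentHash over low-entropy witness `{var}: {typ}`"))
            if low_entropy(typ) and in_assert(var, "=="):
                findings.append(Finding(name, "AV-06", "Critical",
                                        f"`{var}: {typ}` is compared as a secret; brute-forceable"))
            if re.search(rf"\bif\s*\([^)]*\b{var}\b", body):
                findings.append(Finding(name, "AV-01", "High",
                                        f"control flow depends on witness `{var}`"))
            if typ.startswith("Uint<") and not in_assert(var):
                findings.append(Finding(name, "AV-08", "Critical",
                                        f"witness `{var}: {typ}` used without a range assertion"))
    return findings


# Constructed sample assembled from this page's snippets (names are illustrative).
SAMPLE = """
witness get_choice(): Uint<8>;
witness get_pin(): Uint<16>;
witness get_owner_key(): Bytes<32>;
export circuit withdraw(amount: Uint<64>): [] {
    balance.decrement(amount);                     // no authorization
}
export circuit get_balance(): Uint<64> {
    return balance.read();                         // no disclose()
}
export circuit vote(): [] {
    const choice = get_choice();
    voteTally[choice].increment(1);                // no range assertion
}
export circuit check_pin(): [] {
    const pin = get_pin();
    assert persistentHash(pin) == pin_hash.read(); // 16-bit secret
    unlocked.write(true);
}
export circuit reveal(): [] {
    const choice = get_choice();
    assert choice < 5;
    if (choice == 0) { flagged.write(true); }      // witness-dependent branch
}
export circuit safe_withdraw(amount: Uint<64>): [] {
    const key = get_owner_key();
    assert persistentHash(key) == owner_hash.read();
    balance.decrement(amount);
}
"""

if __name__ == "__main__":
    for f in review(SAMPLE):
        print(f"{'🔴' if f.severity == 'Critical' else '🟠'} {f.circuit} [{f.code}] {f.message}")
```

The ACCESS check deliberately accepts any assertion as a guard, so a circuit whose only assert is a range check passes it; that is the point at which the reviewer takes over and applies step 1 by hand. Likewise `safe_withdraw` produces no findings only because its hashed witness is declared Bytes<32>; the linter trusts the declared type, not the actual entropy of what the wallet supplies.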

References

Related Skills