AgentSkillsCN

security

在Midnight Network上使用零知识证明实现隐私保护模式。当设计隐私数据处理、承诺方案、否定者或选择性披露时使用。触发隐私、ZK证明、承诺、否定者或机密计算问题。

SKILL.md
--- frontmatter
name: security
description: Security auditing patterns for Midnight Network smart contracts and dApps. Use when reviewing code for vulnerabilities, privacy leaks, cryptographic weaknesses, or performing security audits.

Security Auditing for Midnight Network

Expert knowledge for auditing Midnight Network contracts and privacy-preserving applications.

Security Priorities

  1. Privacy Protection - Ensure sensitive data stays private
  2. Cryptographic Integrity - Verify commitments, nullifiers, proofs
  3. Access Control - Validate authorization patterns
  4. Input Validation - Check all assertions and bounds
  5. State Safety - Prevent manipulation and reentrancy

Severity Classification

LevelIconDescriptionExamples
Critical🔴Funds at risk, privacy brokenWitness exposure, key leak
High🟠Significant leak or bypassPredictable nullifier
Medium🟡Logic errors, incomplete checksMissing validation
Low🟢Best practice violationsPoor error messages
Infoℹ️Improvement suggestionsCode clarity

Quick Checklist

Compact Contracts

  • All assertions have descriptive messages
  • Sensitive data uses witness or secret
  • No plaintext secrets in ledger
  • Commitments use salt (hash2)
  • Nullifiers include secret context
  • Range checks before arithmetic
  • Access control where needed

TypeScript dApps

  • Wallet availability checked
  • Transactions properly confirmed
  • No secrets logged or exposed
  • Private state encrypted
  • Error boundaries in place
  • HTTPS enforced

References

Assets