Security Auditing for Midnight Network
Expert knowledge for auditing Midnight Network contracts and privacy-preserving applications.
Security Priorities
- •Privacy Protection - Ensure sensitive data stays private
- •Cryptographic Integrity - Verify commitments, nullifiers, proofs
- •Access Control - Validate authorization patterns
- •Input Validation - Check all assertions and bounds
- •State Safety - Prevent manipulation and reentrancy
Severity Classification
| Level | Icon | Description | Examples |
|---|---|---|---|
| Critical | 🔴 | Funds at risk, privacy broken | Witness exposure, key leak |
| High | 🟠 | Significant leak or bypass | Predictable nullifier |
| Medium | 🟡 | Logic errors, incomplete checks | Missing validation |
| Low | 🟢 | Best practice violations | Poor error messages |
| Info | ℹ️ | Improvement suggestions | Code clarity |
Quick Checklist
Compact Contracts
- • All assertions have descriptive messages
- • Sensitive data uses
witnessorsecret - • No plaintext secrets in ledger
- • Commitments use salt (hash2)
- • Nullifiers include secret context
- • Range checks before arithmetic
- • Access control where needed
TypeScript dApps
- • Wallet availability checked
- • Transactions properly confirmed
- • No secrets logged or exposed
- • Private state encrypted
- • Error boundaries in place
- • HTTPS enforced
References
- •references/vulnerabilities.md - Common vulnerability patterns
Assets
- •assets/audit-report.md - Audit report template