Faulty Proof Validation in ZKPs: A Critical Blockchain Security Risk

Zero-knowledge proofs (ZKPs) are cryptographic tools applied for various use cases in on-chain protocols. ZKPs can be used to demonstrate knowledge of a secret without revealing it or decrease the amount of space needed to record transaction data, which is useful in space-limited digital ledgers.

On-chain protocols apply ZKPs to various use cases; however, it’s vital that any protocol that depends upon them validates a proof before accepting it. Failure to do so correctly can leave these protocols vulnerable to exploitation. Often, this results in high-value, damaging hacks since ZKPs play a critical role in these protocols, and many of the protocols using them are high-value projects.

Understanding the Role of Zero-Knowledge Proofs (ZKPs) in Blockchain Security

ZKPs are cryptographic algorithms that allow a prover to prove some secret to a verifier without revealing the secret. This technology has numerous privacy-preserving use cases for on-chain protocols, such as:

• Private transactions

• Confidential smart contracts

• On-chain identity and access management (IAM)

• Secure multi-party computation (MPC)

While these are valuable applications of the technology, they’re not the only use case. Many Layer-2 protocols take advantage of the fact that ZKPs can also enhance blockchain scalability. If transactions are performed off-chain, a ZKP demonstrating their correctness is typically significantly smaller than the list of transactions themselves. Recording this transaction on-chain provides the same proof of correctness needed by blockchain nodes while reducing on-chain storage and processing requirements. 

This application of ZKPs is used by:

• ZK-Rollups

• Cross-chain bridges

Why Proof Validation Is Crucial for Zero-Knowledge Proofs (ZKPs)

ZKP algorithms make it impossible to generate a valid proof of a false assertion. If the proving system (zkSNARKS, zkSTARKS, etc.) is secure, then the guarantees of the proof correctness are based on cryptography, which offers a strong guarantee.

However, it is possible to create a proof that might look authentic while actually failing at the verification stage. In these scenarios, a protocol that implicitly trusts a proof without performing full validation could be tricked into accepting an invalid proof.

ZKPs are designed to allow anyone to verify them. However, there are several ways in which proof validation can go wrong.

The Risks of Failing to Validate Zero-Knowledge Proofs

The simplest way that proof validation can go wrong is if a smart contract fails to validate the proof at all. This could happen if the developer made an error or if proof validation was intentionally skipped as an attempt at code optimization. Every operation on a smart contract platform like Ethereum costs fees, so reducing the number of expensive operations the contract performs makes it more efficient and cheaper to run.

Common Errors in Zero-Knowledge Proof (ZKP) Validation

ZKPs are designed to allow anyone to validate the claims included in the proof. However, doing so requires the verifier to perform certain operations. If a contract’s verification code contains bugs, then it’s possible that an attacker could craft a proof that is invalid but passes the verifier’s validation process.

Vulnerabilities in Smart Contract Proof Validation Code

When validating a proof, a smart contract is processing external user input. This creates the potential for injection vulnerabilities if the smart contract doesn’t perform proper validation and sanitization of the input or contains any exploitable vulnerabilities.

For example, parameters passed to the validation function may be serialized. If this function contains a serialization vulnerability, then a malformed input could cause it to behave unexpectedly.

Outsourcing Zero-Knowledge Proof Validation: Risks to Consider

A smart contract function may also outsource the process of validating a proof to another contract or function. While this can be ok, it also runs the risk that this secondary function won’t perform proper validation or that the interface between the two might be flawed or vulnerable.

For example, this external function may not perform validation at all or could have flawed validation code, resulting in an incorrect result and a false sense of security. Alternatively, some issue may exist in the interface between the two functions, which could enable an attacker to trick the caller into believing that a signature was validated when it did not.

The Major Security Threat Posed by Faulty Proof Validation in Blockchain

Faulty proof validation is one of many vulnerabilities that can exist in a smart contract. Additionally, it’s a rather specialized issue since it can only apply to smart contracts that work with ZKPs.

However, the types of protocols that meet this requirement — cross-chain bridges and ZK-Rollups — tend to be large projects that hold a great deal of value. This means that vulnerabilities like these — which allow an attacker to submit invalid off-chain transactions and have them accepted — tend to have large price tags for the vulnerable contract.

In fact, Halborn’s Top 100 DeFi Hacks report found that faulty proof validation vulnerabilities accounted for over half of the losses for hacks in 2022 but only 18.7% of attacks. In general, they account for merely 4.3% of hacks but over a quarter of total losses.

How to Protect Your DeFi Project Against Faulty Proof Validation Hacks

Faulty proof validation vulnerabilities appear in only a small number of hacks. However, when they do, they cause massive losses due to their security impacts and the values of the targeted protocols.

When implementing smart contracts that are dependent on ZKPs, it’s vital to ensure that ZKPs are properly validated. Otherwise, an attacker might be able to craft an input that passes validation but enables them to drain value from the protocol.

In addition to faulty proof validation vulnerabilities, on-chain projects can suffer from a wide range of potential vulnerabilities that lead to costly attacks. The Halborn Top 100 DeFi Hacks report provides an in-depth exploration of the security threats that lead to the largest hacks by looking at the causes and contributing factors behind the 100 most expensive DeFi hacks through 2023.

Across the board, one of the most effective defenses against DeFi hacks is to perform a comprehensive security audit before releasing code. According to the report, only 20% of the top 100 hacks involved audited protocols, and they accounted for only 14.3% of the value lost. 

For help with protecting your DeFi project against hacks through a comprehensive security audit, reach out to Halborn.