Skip to main content
Sigvex

ZK Verifier Audit

Dual-layer audit for an on-chain ZK verifier — scan bytecode for embedded constants and compare them to expected VK commitments.

What it is

A page that audits the relationship between a deployed EVM verifier’s bytecode and an expected set of verifying-key (VK) commitments. Sections: Source — verifier contract, Expected VK commitments, VK correspondence, Findings, and Embedded 32-byte constants. A sample selector loads scenarios: VK Bound (all keys match), VK Stale (key missing), VK Unknown (no expected keys).

Why it exists

A compromised or accidentally swapped verifier can silently accept proofs from the wrong circuit. This page scans the deployed bytecode for embedded 32-byte constants, compares them to expected VK commitments, and reports matches, mismatches, or unknowns — so the deployment can be checked before trust is placed on it.

Who uses it

  • Auditor — verifies that a deployed verifier’s bytecode still matches the expected commitments.
  • Protocol engineer — audits a proxy-upgraded verifier after a change.

How to open it

  1. Sidebar → Cryptography → ZK Verifier Audit.
  2. Direct URL — /zk-verifier.

Using the page

  1. Source — verifier contract — pick a deployed verifier from the workspace via the contract picker.
  2. Scan bytecode — extracts embedded 32-byte constants.
  3. Try MeSelect scenario… — loads a sample: VK Bound, VK Stale, or VK Unknown.
  4. Expected VK commitments — list editor; + Add expected commitment appends a row; the row-level × removes it.
  5. VK correspondence — per-commitment match status between the embedded constants and the expected list.
  6. Findings — aggregated verdict for the audit.
  7. Embedded 32-byte constants — the full list of constants extracted from the bytecode.

Inputs and outputs

Input Source Required
Verifier source Form input yes
Expected VK commitments List editor yes
Output Format Destination
Correspondence table In-page HTML
Findings In-page HTML
Embedded constants In-page HTML

Controls reference

  • Scan bytecode — extracts embedded constants.
  • Select scenario… — loads a sample scenario.
  • + Add expected commitment — appends a row to the expected list.
  • × (per row) — removes the row.

Limits

  • Requires a signed-in account.
  • Scans deployed EVM verifier bytecode only.
  • The audit compares embedded constants to the expected list; it does not re-prove the verifier’s correctness.

Troubleshooting

Symptom or error Cause Action
No embedded constants found Bytecode missing or not a verifier Verify the address or paste the bytecode directly.
Verdict is VK Unknown Expected commitments list is empty Add the commitments under Expected VK commitments.
Verdict is VK Stale At least one expected commitment is missing Investigate whether the verifier was swapped.