Skip to main content
Sigvex
Guide

ZK Verifier Audit

ZK security tooling mostly lints the circuit. The seam — where the deployed verifier's hardcoded points stop matching the audited circuit's verifying key — is almost never checked. This page reads the verifier bytecode, extracts every 32-byte constant (where α / β / γ / δ / IC[] always live), and tells you whether the VK commitments you expect are bound or stale.

Source — verifier contract

Pick a deployed verifier from your workspace. Sigvex uses the already-analyzed bytecode — no on-chain refetch.

Expected VK commitments

32-byte hex values derived from the circuit's verifying key (α, β, γ, δ generator points or IC[] entries). Each is checked as a PUSH32 in the verifier bytecode.

Embedded 32-byte constants

Every PUSH32 in the verifier. These are the candidates for generator points, IC[] entries, and VK commitments. Use them as ground truth when deriving the expected set from your circuit.

#OffsetHex

What the verdict means

  • VK bound every expected commitment is embedded as a PUSH32. Circuit is pinned to this verifier.
  • VK stale at least one expected commitment is missing. Likely a stale verifier or a circuit edited post-deployment. Treat as an Error-class dual-layer finding.
  • VK unknown you didn't provide expected commitments. The embedded set is reported for manual comparison against the circuit's verifying key.