Worldcoin releases audit reports showing resolved security issues

Blockchain

Proof of humanity protocol Worldcoin released its audit reports on July 28 as criticism of its data collection practices continues to mount. The new reports were conducted by security consulting firms Nethermind and Least Authority. 

According to an accompanying announcement from Worldcoin, Nethermind found 26 security issues with the protocol, of which 24 were “identified as fixed” during the verification phase while one was mitigated and another was acknowledged.

Least Authority discovered three issues and made six suggestions, all of which “have been resolved or have planned resolutions,” the announcement stated.

Worldcoin first rose to prominence in 2021 when it announced that it would give away free tokens to any users who verify their humanness, which they could do by having their iris scanned by a device called an “Orb.” The project was co-founded by Sam Altman, the co-founder of AI developer OpenAI.

At the time, Altman and other team members argued that AI bots would become an increasing problem on the internet if people didn’t find a way to verify their humanness without giving up their privacy. According to the protocol’s documentation, The Orb produces a hash of the user’s iris scan but does not keep a copy of the iris scan.

Related: Worldcoin confirms it is the cause of mysterious Safe deployments

Nethermind’s Worldcoin audit report. Source: Github

Worldcoin initiated its public launch on July 25, after nearly two years of development and beta testing. But criticism of it erupted almost immediately. The United Kingdom’s Information Commissioner’s Office (ICO) reportedly said the government body was deciding whether to investigate the project for violating the country’s data protection laws. French data protection agency CNIL also questioned Worldcoin’s legality.

The crypto community was divided over the project’s launch, with some participants seeing it as the start of a dystopian future where privacy would be eliminated. In contrast, others saw it as a necessary step towards protecting humans against malicious AIs.

The new audit reports cover a wide variety of security topics, including resistance to DDoS attacks, case-specific implementation errors, key storage and proper management of encryption and signing of keys, data leaking and information integrity, and others. Some issues found were the result of dependencies on Semaphore and Ethereum, including “elliptic curve precompile support or Poseidon hash function configuration,” the announcement stated.

All issues except one were fixed, mitigated, or have planned fixes. The one security issue that was not fixed by the time of verification has a severity of “undetermined” and is listed as “acknowledged.”

Articles You May Like

What technical levels are in play for the major FX pairs vs USD to start the day (Nov 19)?
cc edge higher after Russia-Ukraine tensions escalate
NZDUSD index moves lower and sellers are in control, but there is some key support holding
Top 10 S&P 500 stock winners since Election Day
7 stocks with solid quarterly performance, yet down 25% in recent slump