ZK Security Workshop recap: Winners and presentations

Veridise
Mar 25, 2024

Last year, from Oct 30th to Nov 3rd, 2023, we collaborated with Secureum to organize an online ZK Security Workshop. You can read the original announcement post here.

We had capped the number of active workshop participants at 32, ensuring the group was small enough for us to provide the best support.

With this blog post, we share much of the content with the wider public.

We recap our activities, list the winners, and share the workshop presentations given by the co-founders of Scroll and Axiom and an engineer of the Ethereum Foundation PSE team.

The workshop was well-received and offered a venue to learn hands-on skills alongside other security-minded developers. See what the workshop participants shared on the last day in our designated Discord channel:

Our designated Discord channel was active throughout the week. Screenshot from the final day.

The idea: learn about bug-finding and how to use our in-house tools

The idea of the ZK Security Workshop was to provide participants with the opportunity to try first-hand our proprietary in-house security tools and experience how these can make vulnerability detection more comprehensive.

We had prepared a set of bug-finding challenges for the participants, where they had the chance to improve their skills and compete.

The participants got a chance to play with Picus — a tool we have designed specifically for verifying properties of ZK circuits, as well as with the ZK version of our static analyzer, Vanguard.

Curriculum of the week

The week featured four comprehensive presentations on various topics related to ZK security, frameworks, example bugs, and our in-house tooling (especially Picus and Vanguard).

Our engineers aimed to compress our years of insights into just four presentations. They were packed with information yet provided guidance on how to apply the knowledge and get hands-on really fast.

Topics of the presentations

Every day was kick-started with a comprehensive introduction to the topic. A screengrab from the first day.

2–3 bug-finding tasks for every day

We had prepared 2–3 bug-finding code snippets for each day. Code snippets were roughly 20–50 lines of code each.

Participants could quickly examine the snippets with their own eyes and judgment first, and then with the tools we provided. Our team was available for any questions over public channels and private DMs.

Winners of the ZK Security workshop:

While the main goal of the workshop was to provide a venue for learning about ZK security, bug finding, and connecting with other security-minded developers, we also offered an incentive to excel in finding bugs.

There were small prizes for the top 5 who found the most bugs :-)

Congrats to the top-5 winners!

  • 1st place: Sleepingshell ($2000)
  • 2nd place: epizeuxius ($1000)
  • 3rd place: qbs ($1000)
  • 4th place: qiuhaoli ($500)
  • 5th place: uch ($500)

Top 10 scoreboard:
1. Sleepingshell — 99.56 points
2. epizeuxius — 96.45 points
3. qbs#2188 — 95.13 points
4. qiuhaoli — 84.04 points
5. uch#4429 — 79.85 points
6. nmirchev8 — 73.64 points
7. lightw1nd — 72.47 points
8. xiaoyoudacheng — 66.65 points
9. SaharAP — 64.65 points
10. nullity00 — 59.34 points

Everyone learned a bunch, two participants landed a job!

Besides learning to find bugs, testing the tools, making friends, and winning prizes, we kept our eyes open for talent who might like to make bug-finding their full-time career.

It turned out the group had some serious talent, and two of the participants demonstrated their skills and landed a job at Veridise :-)

Guest presentations by industry heavyweights

We also invited some industry heavyweights to share their thoughts on ZK security in the context of the protocols they are building.

The workshop participants had the chance to hear from and ask questions of Haichen Shen (Co-founder of Scroll), Yi Sun (Founder of Axiom), and Blockdev (Software Engineer at the Ethereum Foundation PSE team).

Below are the presentation recordings.

Lessons Learned from Securing Scroll zkEVM
Haichen Shen (Scroll, co-founder)

Circuit Techniques for Scaling Data Access on Ethereum
Yi Sun (Axiom, co-founder)

Tips for safe Circom circuits
Blockdev (Ethereum Foundation’s PSE team, software engineer)

We’re humbled by the feedback from participants

“Wow, my brain’s still on fire from that awesome workshop. Thanks for great time!” — qbs

“Thanks a lot, everyone from the Veridise team, for conducting this workshop. It was an immense pleasure to learn from you guys.” — Hash01011122

Finally, thanks to all the participants! The positive feedback we received certainly humbled us, and we’re looking forward to organizing similar activities again.

Thank you to all the participants:

Sleepingshell, epizeuxius, qbs, qiuhaoli, uch, nmirchev8, lightw1nd, xiaoyoudacheng, SaharAP, nullity00, Cryptor, dedo93, cergyk, Kaiziron, Hash01011122, bengalaq, Bronicle, sahar_22, neumoxx, dmtrbch, seraviz, savi0ur, qpzm, aysha_a, yotov721, degensec, iss, _dead_bee, gamma01, edenr, and ret3basic.

Finally, thank you Secureum!

This already marks our second time collaborating with Secureum. We’d like to extend a warm and heartfelt thank you to Rajeev for spearheading the efforts of bringing security professionals together in various activities. The events have been really well-received by all participants.

ZK Security workshop organizers:

The ZK Security Workshop required substantial preparation from our own team at Veridise, and the masterminds behind the efforts are:

Kostas Ferles, Shankara Pailoor, Daniel Dominguez, Nikos Chondros, Sorawee Porncharoenwase, Ian Neal, Vanina Ivanova, among other team members.

Article author:
Mikko Ikola
