Some of My Disclosed Vulnerabilities
As part of my past research projects, I have discovered and responsibly disclosed several security vulnerabilities. While most of them relate to zero-knowledge proof (ZKP) applications, my earliest reports focused on bugs in the Matter protocol for smart-home devices.
The disclosure process varied depending on the project and the preferences of the affected teams. Many vulnerabilities were reported through public GitHub issues, while others were disclosed via email or discussed during online meetings. In some cases, I initially met with the development team and obtained permission before proceeding with a public GitHub report.
When reporting vulnerabilities via GitHub issues, I immediately submitted corresponding pull requests with proposed fixes to enable direct patching, unless the maintainers preferred to address the issue themselves. I always tried to make each report as descriptive as possible.
Below is an overview of all vulnerabilities I have reported so far.

Matter ⭐ 646
Matter is a standard/protocol for smart home communication, developed by a consortium that includes companies like Apple, Amazon, and Google.

TikTok's Trustless Attestation Verification ⭐ 74
Zero-knowledge proofs for verifying Trusted Execution Environment (TEE) attestations.
- Missing range checks in reverse_bytes SEVERITY: HIGH
- Missing range checks in bytes_to_qword SEVERITY: HIGH
- Underconstrained signals in validate_x509_rsa SEVERITY: HIGH
- Manual byte reversal in validate_x509_rsa duplicates helper logic SEVERITY: INFORMATIONAL
- Incorrect comment in to_bytes_be refers to bits instead of bytes SEVERITY: INFORMATIONAL
- Hard-coded constant 3 in to_bytes_be breaks correctness for n ≠ 4 SEVERITY: MEDIUM
- Unnecessary use of intermediate array num[n] in to_bytes_be SEVERITY: INFORMATIONAL
- Missing assertion in to_bytes_be risks alias bug (overflows) SEVERITY: MEDIUM
- Unnecessary constraints in mgf1_sha384 when mask_len is a multiple of seed_len SEVERITY: LOW
- Underconstrained signals in RsaVerifySsaPss SEVERITY: HIGH
- Incorrect expected type of message_hashed in RsaVerifySsaPss SEVERITY: INFORMATIONAL
- Unconstrained output in zero-padding check allows malformed signature SEVERITY: HIGH

Microsoft's Crescent ⭐ 43
A library for generating zero-knowledge proofs of possession for JSON Web Tokens (JWT) and mobile Driver's Licenses (mDL).
- Missing Range Constraints in MatchClaimName Allows Comparator Overflow and Slice Mismatch SEVERITY: HIGH
- Missing Range Constraint in RemoveValue Template Allows Comparator Overflow SEVERITY: HIGH
- Underconstrained Length Input of Sha256General Enables Forged Proofs SEVERITY: HIGH
- Underconstrained Length Input of Sha256Bytes Enables Forged Proofs SEVERITY: HIGH

Self ⭐ 1211
An application for creating zero-knowledge proofs from government IDs with selective attribute disclosure (e.g., age).
- Missing Range Constraints for Sha256Bytes Allow Forged Inputs to Pass Verification SEVERITY: HIGH

Rooch ⭐ 184
A platform for building verifiable applications with transparent computation and state.
- Missing Range Constraints in Sha256Partial and Sha256General Allow Forged Inputs to Pass Verification SEVERITY: HIGH

ZKP2P ⭐ 318
A trustless peer-to-peer cryptocurrency exchange system using zero-knowledge proofs for payment verification.
- Missing Range Constraints for Sha256Partial Allow Forged Inputs to Pass Verification

TACEO's co-snarks ⭐ 204
Tooling for collaborative SNARKs, enabling multiple parties to jointly produce proofs.
- Missing Range Constraints for Sha256Partial Allow Forged Inputs to Pass Verification SEVERITY: HIGH (Patched)