{"id":959,"date":"2024-11-25T10:33:00","date_gmt":"2024-11-25T08:33:00","guid":{"rendered":"https:\/\/ackee.xyz\/blog\/?p=959"},"modified":"2024-11-25T10:33:00","modified_gmt":"2024-11-25T08:33:00","slug":"wormhole-worldcoin-world-id-state-root-bridge","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/wormhole-worldcoin-world-id-state-root-bridge\/","title":{"rendered":"Wormhole Worldcoin World ID State Root Bridge"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Wormhole Worldcoin World ID State Root Bridge protocol enables the bridging of the Worldcoin World ID state root from Ethereum to Solana. The Worldcoin World ID utilizes <\/span><a href=\"https:\/\/docs.semaphore.pse.dev\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Semaphore<\/span><\/a><span style=\"font-weight: 400;\">, with a single set containing public keys (or identity commitments) for each verified user. A commitment to this set is then replicated to other blockchains, in this case to Solana, where the new Merkle root is stored, allowing verified users to prove their personhood.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">Wormhole engaged Ackee Blockchain Security to perform a security review of the Wormhole Worldcoin World ID State Root Bridge protocol for a total of 11 engineering days in a period between September 6 and September 27, 2024.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">METHODOLOGY<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The audit began by understanding the high-level goals of the project, followed by a deep dive into the program\u2019s logic. In the initial phase, we implemented fuzz tests, which were particularly helpful for two reasons: to enhance our understanding of the project\u2019s core concepts and to begin fuzzing as early as possible, increasing the likelihood of identifying bugs. For fuzzing, we used <\/span><a href=\"https:\/\/github.com\/ackee-blockchain\/trident\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Trident<\/span><\/a><span style=\"font-weight: 400;\">. See the <\/span><a href=\"https:\/\/github.com\/wormholelabs-xyz\/solana-world-id-program\/pull\/21\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Pull Request<\/span><\/a><span style=\"font-weight: 400;\"> with a complete fuzz test code.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">In the later stages of the audit, we shifted focus to a manual review of the project, paying special attention to the following:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring there is no frontrunning possible during the initialization process (e.g. Config Initialization);<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring all Config-related instructions can only be executed by the associated authority;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring correct deserialization and serialization of instruction inputs;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring that no reinitialization or denial of service is possible during the posting of Guardian Signatures to the Solana blockchain;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring there is no possibility of spoofing the Guardian Signatures and Guardian Set accounts when posting a new state root from the Ethereum blockchain;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring all posted Guardian Signatures are verified in a sequential order and that no signature can be posted multiple times to achieve quorum artificially;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensuring the Proof of Personhood verification process is correctly implemented and that no sensitive data leaks are present.<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">SCOPE<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The audit was performed on the commit <span><code class=\"codehl\">70f034<\/code><\/span> and <span><code class=\"codehl\">a6f479<\/code><\/span> respectively the scope was the following:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/github.com\/wormholelabs-xyz\/solana-world-id-program\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Solana World ID Program<\/span><\/a><span style=\"font-weight: 400;\">, excluding external dependencies<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/github.com\/wormholelabs-xyz\/solana-world-id-onchain-template\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Solana World ID On-Chain Template<\/span><\/a><span style=\"font-weight: 400;\">, excluding external dependencies.<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">FINDINGS<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Here are the findings from our audit.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Critical severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">No critical severity issues were found.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">High severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">H1: The latest available root may be inactive and potentially undesirably removed<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Medium severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">M1: Possible arithemtic overflow during root <code class=\"codehl\">is_active<\/code> check<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">M2: Missing <code class=\"codehl\">mut<\/code> constraint<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Low severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">No low severity issues were found.\u00a0<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Warning severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">W1: Possible Reinitialization<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Information severity<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">I1: Signature Malleability due to accepting S values with high and also low order<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">CONCLUSION<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Our review resulted in 5 findings ranging from Info to High severity. The most severe finding, H1, presents the potential for a denial of service during the verification process of proof of personhood. If there are relatively large gaps (compared to the root_expiry) between newly submitted root hashes from Ethereum, two undesirable scenarios can arise.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><b>Ackee Blockchain Security recommends Wormhole:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensure that there is always at least one active root available for verification, and prevent possibility of all roots being removed;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensure that the off-chain components are functioning correctly and adhere to best security practices;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">ensure that the Guardian Sets accounts stored on-chain are well protected, and there is no possibility for an attacker to tamper with these accounts;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">avoid using unchecked arithmetic. Although the likelihood of exploiting unchecked arithmetic in unintended ways may be low, potential issues still exist and could lead to catastrophic outcomes.<\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><b>Ackee Blockchain Security\u2019s full Wormhole audit report, which includes a more detailed description of all findings and recommendations, can be found <a href=\"https:\/\/github.com\/Ackee-Blockchain\/public-audit-reports\/blob\/master\/2024\/ackee-blockchain-wormhole-worldcoin-world-id-state-root-bridge-report.pdf\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/b><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-weight: 400;\">We were delighted to audit Wormhole and look forward to working with them again.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wormhole Worldcoin World ID State Root Bridge protocol enables the bridging of the Worldcoin World ID state root from Ethereum to Solana. The Worldcoin World ID utilizes Semaphore, with a single set containing public keys (or identity commitments) for each verified user. A commitment to this set is then replicated to other blockchains, in this case to Solana, where the new Merkle&hellip;<\/p>\n","protected":false},"author":28,"featured_media":960,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,5,113],"tags":[89,114,148,147],"class_list":["post-959","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-audits","category-solana","category-trident","tag-audit-summary","tag-trident","tag-worldcoin","tag-wormhole"],"aioseo_notices":[],"featured_image_src":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/11\/Wormhole-1-600x400.png","featured_image_src_square":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2024\/11\/Wormhole-1-600x600.png","author_info":{"display_name":"Andrej Lukacovic","author_link":"https:\/\/ackee.xyz\/blog\/author\/andrej-lukacovic\/"},"_links":{"self":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/959","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/comments?post=959"}],"version-history":[{"count":0,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/959\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media\/960"}],"wp:attachment":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media?parent=959"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/categories?post=959"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/tags?post=959"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}