Developing securely on Aleo blockchain: Common Vulnerability Patterns

Veridise
3 min read · Jun 26, 2024

We presented at Aleo zkHouse on 1st March 2024 in Denver.

Aleo zkHouse was a three-day event for zero-knowledge enthusiasts of all levels. It covered topics such as the Leo programming language, the Aleo framework and its advantages, and how to deploy dApps.

Jon Stephens and Kostas Ferles from Veridise presented at the event and shared some fundamentals of how to build securely on Aleo.

See the video recordings and short summary below — a must-watch for all builders on Aleo!

Common Vulnerability Patterns in Aleo

by Jon Stephens & Kostas Ferles

In this talk, Jon and Kostas share valuable insights on common vulnerability patterns in the Aleo blockchain. They take a deep dive into technical topics, ranging from an introduction to zero-knowledge circuits on Aleo and the Leo programming language to missing state validation, arithmetic denial of service, signature replay attacks, and privacy leakages.

According to Jon and Kostas, missing state validation is among the most common vulnerabilities in Leo and other ZK programming languages. Due to the ZK circuit’s inability to determine the current on-chain state, the user has to provide this data. Since the ZK circuit can’t check for the state’s validity, user claims must be validated on the smart contract side.
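The pattern above as a small Python model, added here as an illustration; it is not code from the talk, from Veridise, or from any Aleo program. The function names, the one-account ledger and the withdraw scenario are assumptions: the circuit can only constrain its inputs against each other, so the on-chain step has to compare the user's claim with the stored state.

```python
"""Toy model of missing state validation (all names and values are constructed)."""

class Rejected(Exception):
    """Raised when a circuit constraint or an on-chain check fails."""

def circuit_withdraw(claimed_balance: int, amount: int) -> dict:
    # Stateless circuit: it cannot read the ledger, so claimed_balance is
    # whatever the user supplies. It only proves the inputs are consistent.
    if amount <= 0 or claimed_balance < amount:
        raise Rejected("circuit constraint failed")
    return {"claimed_balance": claimed_balance, "amount": amount}  # public outputs

def onchain_vulnerable(ledger: dict, user: str, pub: dict) -> None:
    # Missing state validation: the proven claim is trusted and the new
    # balance is derived from it without reading the stored balance.
    ledger[user] = pub["claimed_balance"] - pub["amount"]

def onchain_validated(ledger: dict, user: str, pub: dict) -> None:
    # The claim is checked against current on-chain state before any update.
    current = ledger.get(user, 0)
    if current != pub["claimed_balance"]:
        raise Rejected("claimed balance does not match on-chain state")
    ledger[user] = current - pub["amount"]

def run(onchain_step, start_balance: int, claimed: int, amount: int):
    """Prove off-chain, then apply the on-chain step to a fresh sample ledger."""
    ledger = {"alice": start_balance}  # constructed sample state
    try:
        onchain_step(ledger, "alice", circuit_withdraw(claimed, amount))
        return "accepted", ledger["alice"]
    except Rejected:
        return "rejected", ledger["alice"]

if __name__ == "__main__":
    # Stored balance is 10, but the user claims 1000 and withdraws 500.
    print("vulnerable:", run(onchain_vulnerable, 10, 1000, 500))
    print("validated: ", run(onchain_validated, 10, 1000, 500))
    # An honest claim still goes through the validated path.
    print("honest:    ", run(onchain_validated, 10, 10, 4))
```

In the vulnerable path the proof is valid and the transaction is accepted, which is why the circuit alone cannot be the place where the claim is checked.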

Besides missing state validation, common Aleo vulnerabilities may include:

  1. Arithmetic denial of service: Because ZK circuits have restricted control flow, it is more challenging for them to avoid errors like integer overflows.
  2. Signature replay attacks: When a signature is not set up carefully, an attacker can reuse a publicly available signature to replay that particular action.
  3. Privacy leakages: Aleo is a private blockchain, yet there are many cases in which users might accidentally leak information, in a couple of different ways.

ZK Circuits in dApps: Common Bugs to Avoid

by Jon Stephens

In this talk, Jon speaks about bugs that occur when ZK circuits and dApps interact, particularly at the language level. He covers topics such as missing state validation, arithmetic denial of service, finite field overflow, proof verification replay, and privacy leakage while also focusing on ZK circuits in general.

During his presentation, Jon takes a look at the Aleo blockchain’s Leo, Mina’s o1js, and a mixture of Solidity and Circom, explaining how the above bugs could take place in dApps that were built using these languages.

In addition to the above topics, Jon also talks about the differences between zero-knowledge circuits and smart contracts. ZK circuits are stateless and have restricted control flow, with inputs that are either private or public, and developers must operate over the finite field numeric data type. Smart contracts, on the other hand, feature persistent storage, arbitrary control flow, the fixed-width integer numeric data type, and only public data.

If you’re a developer building a dApp with ZK circuits, this video is a must-watch. You will find insights about the most common bugs in Leo, o1js, and Circom, along with how to avoid them and protect user safety.
