Lvl2 Pekka

@Sabanaku77

Followers
284
Following
1K
Media
10
Statuses
96

Web3 Researcher | ZK | Senior Threat Researcher @zscaler

Joined September 2012
@Sabanaku77
Lvl2 Pekka
5 months
Secured 2nd place in @stabilitydao competition on @cantinaxyz with 1H and 2M (1M solo). More miles to go, more lessons to learn. 🙌✨
10
1
118
@Sabanaku77
Lvl2 Pekka
1 month
Thanks @cantinaxyz and @monad. I am Cooked for real
0
0
1
@Sabanaku77
Lvl2 Pekka
2 months
Since the whiteboard session was very informative and technical, here are my notes for the same
github.com
Contribute to prajjwal001/zk_stuffs development by creating an account on GitHub.
0
0
4
@Sabanaku77
Lvl2 Pekka
2 months
I have spent the last week delving into zkVMs, examining how zero-knowledge proofs can verify general computations, the RISC-V architecture underlying them, and how @SuccinctLabs' SP1 brings it all together for on-chain, verifiable execution. If you want to explore too, here’s
2
0
16
@Sabanaku77
Lvl2 Pekka
2 months
9/9 > Takeaway: SNARKs are mathematically elegant but practically fragile. Robust zk-systems need:
- safer languages
- stronger tooling
- end-to-end audits
- defense-in-depth at all layers.
0
0
0
@Sabanaku77
Lvl2 Pekka
2 months
8/9 > Insights:
- Low-level DSLs (Circom, Gnark) = bug-prone like early C.
- Exploits may remain invisible (e.g., infinite coin printing in shielded pools).
- Multi-provers + better DSLs + formal verification = urgent next steps.
1
0
1
@Sabanaku77
Lvl2 Pekka
2 months
7/9 > Defenses: Tools exist (Circomspect, Picus, Korrect, SNARKProbe). But → DSL-specific, circuit-focused, poor coverage. Integration layer defenses = basically absent.
1
0
1
@Sabanaku77
Lvl2 Pekka
2 months
6/9 > Integration bugs: unchecked nullifiers, flawed proof delegation, poor design → privacy and DoS risks. Circuits alone aren’t enough.
1
0
0
@Sabanaku77
Lvl2 Pekka
2 months
5/9 > Notable bugs:
- Tornado Cash MiMC under-constrained → potential pool drain
- Scroll zkEVM ltChip → missing range checks
- Plonk “Frozen Heart” FS bug → proof forgery
1
0
0
@Sabanaku77
Lvl2 Pekka
2 months
4/9 > Impacts:
- 124 soundness breaks
- 14 completeness failures
- 3 zero-knowledge leaks
So yes, SNARKs can fail across all core properties.
1
0
0
@Sabanaku77
Lvl2 Pekka
2 months
3/9 > Most common flaw: under-constrained circuits (95 cases). Missing or weak constraints → soundness failures. Other circuit issues: unsafe gadget reuse, arithmetic field errors, out-of-circuit leaks.
1
0
1
@Sabanaku77
Lvl2 Pekka
2 months
2/9 > 4-layer model of a SNARK system:
- Circuit (arith constraints)
- Frontend (compilers/arithmetization)
- Backend (setup, prover, verifier)
- Integration (contracts/app logic)
All layers had bugs.
1
0
1
@Sabanaku77
Lvl2 Pekka
2 months
1/9 > Paper systematizes 141 vulnerabilities (2018–2024) across SNARKs → audits, disclosures, bug trackers. First large-scale dataset of its kind.
1
0
0
@Sabanaku77
Lvl2 Pekka
2 months
Just read "SoK: What Don’t We Know? Understanding Security Vulnerabilities in SNARKs." by @cryptodavidw @schaliasosvons @0xSerious @MMJahanara @convoluted_code
Turns out: SNARKs aren’t “just math.” 141 real-world bugs show why end-to-end security and better tooling are critical
2
4
22
@Sabanaku77
Lvl2 Pekka
2 months
Continuing with the @RareSkills_io ZK Book, just wrapped up Module 3. After completing the maths and ZK-SNARK pipeline in Modules 1 & 2, this module provided hands-on experience with Circom, including writing circuits, templates, loops, asserts, intermediate signals, stateful
github.com
Contribute to prajjwal001/rareskill-zkbook-circom development by creating an account on GitHub.
0
1
12
@Sabanaku77
Lvl2 Pekka
3 months
Over the past 10 days, I worked through Modules 1 & 2 of the RareSkills ZK Book. Learned the math foundations for ZK (finite fields, group theory, elliptic curves) and then built up to ZK-SNARKs step by step — circuits → R1CS → QAPs → pairings → trusted setup → Groth16. Big
1
2
23
@pashov
pashov
3 months
Just found some very handy tools for the everyday EVM dev
Decoding, hashing, bit manipulation, merkle trees, wallet/signatures EIPs, Uniswap hooks and more - a bit of everything, make sure to add it to your toolbelt🫡 https://t.co/STCUnwUG3l
7
44
300
@cantinaxyz
Cantina 🪐
5 months
Final standings from the @stabilitydao competition have landed.
🥇 kalyanSingh: $5,159.36
🥈 @sabanaku77: $1,784.24
🥉 @Nicks_block: $1,541.17
Appreciate everyone who contributed. Full leaderboard below.
2
4
33
@Sabanaku77
Lvl2 Pekka
5 months
Just wrapped up a great conversation on Web3 security, learning curves, and audit life with @RealJohnnyTime
We covered:
– My Web2 to Web3 jump
– How SCH & Cyfrin Updraft shaped my audit journey
– Real contest prep & mindset
– Tips for new auditors
@RealJohnnyTime
JohnnyTime 🤓🔥
5 months
He started ACING audit contests in just a few months! How do you do it?🤔 Learn how to stay consistent, build real skills & juicy tips to succeed from someone who made it in Web3 security, even while working his full-time Web2 job, in the latest episode w. @Sabanaku77 👇
3
3
40