The Worldcoin Project (WLD) has published audit reports conducted by two security consulting firms, Nethermind and Least Authority, to address security and privacy concerns.
Nethermind's auditor found 26 security issues with the protocol. At the verification stage, 24 (92.6%) of them were corrected. Least Authority discovered three problems and presented six proposals, all of which have been solved or are about to be resolved.
The audit reports focused on security aspects such as DDoS protection, encryption, key management, and data integrity. Some of the issues found were caused by dependencies on Semaphore and Ethereum, including "support for elliptic curve precompilation or Poseidon hash function configuration." Most of the vulnerabilities identified have been resolved or will be resolved in the near future, with the exception of one, which is still under evaluation.
Risks of Worldcoin
The hype around Worldcoin has raised a number of concerns about the security of the project. In particular, Ethereum founder Vitalik Buterin pointed to serious concerns about privacy: there is a risk of misuse or leakage of information related to user identification.
Moreover, in his opinion, the integrity of the design of the Worldcoin hardware device cannot be verified. Therefore, even if the software is decentralized, the Worldcoin Foundation has the potential to implement a backdoor and create fake human identities. Another potential risk is the security of the system itself, which includes people being forced to scan their iris for someone else, the selling or renting of ID cards, and 3D-printed "fake people."
Users don't worry about security
However, early participants of the project admit that, despite the possible risks, they are interested in participating. Some stated that they did not read Worldcoin's privacy policy, which says that the data can be transferred to subcontractors and, possibly, will be available to governments and authorities. The documents also say that steps are now being taken to reduce risks and that encryption is being used to prevent unauthorized access.
Some organizations are already calling what is happening a "potential privacy nightmare." The British group of companies Big Brother Watch believes that identification by the retina of the eye "strengthens state and corporate control over people's lives."