o1-labs / o1js

TypeScript framework for zk-SNARKs and zkApps
https://docs.minaprotocol.com/en/zkapps/how-to-write-a-zkapp
Apache License 2.0

Check examples for vulnerabilities #1640

Open garwalsh opened 4 months ago

garwalsh commented 4 months ago

Check examples https://github.com/o1-labs/o1js/tree/main/src/examples and tutorial code, code snippets for vulnerabilities

garwalsh commented 2 months ago

This task is interesting. What we want to avoid: providing examples that developers might copy and paste and end up with vulnerable zkApps. But we also don't want to make the examples so complicated that they don't serve their purpose (to simply explain concepts).

So the task here is to work through the examples and drop warnings in the comments if a pattern we use to illustrate a concept is unsuitable for a production zkApp.

Maybe it's just a boilerplate comment that we add to the top of all of them.

Happy to talk this through with whoever picks it up (probably once that person has had a chance to look through the current examples with this context in mind)