Security Auditing for Midnight Network

Expert knowledge for auditing Midnight Network contracts and privacy-preserving applications.

Security Priorities

  1. Privacy Protection - Ensure sensitive data stays private
  2. Cryptographic Integrity - Verify commitments, nullifiers, proofs
  3. Access Control - Validate authorization patterns
  4. Input Validation - Check all assertions and bounds
  5. State Safety - Prevent manipulation and reentrancy

Severity Classification

| Level    | Icon | Description                     | Examples                  |
|----------|------|---------------------------------|---------------------------|
| Critical | 🔴   | Funds at risk, privacy broken   | Witness exposure, key leak |
| High     | 🟠   | Significant leak or bypass      | Predictable nullifier     |
| Medium   | 🟡   | Logic errors, incomplete checks | Missing validation        |
| Low      | 🟢   | Best practice violations        | Poor error messages       |
| Info     | ℹ️   | Improvement suggestions         | Code clarity              |

Quick Checklist

Compact Contracts

  • All assertions have descriptive messages
  • Sensitive data uses witness or secret
  • No plaintext secrets in ledger
  • Commitments use salt (hash2)
  • Nullifiers include secret context
  • Range checks before arithmetic
  • Access control where needed
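
Why the salt and secret-context items matter to an auditor, as an added example that is not part of the original skill or of Midnight's code: an unsalted commitment over a small value domain can be matched by anyone, and a nullifier built from public data alone is predictable. SHA-256 stands in for the contract hash (it is not Compact's hash2), and every function name and sample value is an assumption made for illustration.

```typescript
import { createHash } from "node:crypto";

// SHA-256 over length-prefixed parts is a stand-in for the contract's hash;
// it is not Compact's hash2. All function names here are hypothetical.
function h(...parts: (string | Buffer)[]): string {
  const hash = createHash("sha256");
  for (const p of parts) {
    const bytes = Buffer.isBuffer(p) ? p : Buffer.from(p, "utf8");
    const len = Buffer.alloc(4);
    len.writeUInt32BE(bytes.length, 0); // prefix so ("ab","c") != ("a","bc")
    hash.update(len);
    hash.update(bytes);
  }
  return hash.digest("hex");
}

// Finding: commitment to a low-entropy value with no salt.
const commitUnsalted = (value: string): string => h("commit", value);
// Checklist form: value bound together with a salt held as private witness data.
const commitSalted = (value: string, salt: Buffer): string =>
  h("commit", value, salt);

// Finding: nullifier derived from public data only, so anyone can precompute it.
const nullifierPublic = (noteId: string): string => h("nullifier", noteId);
// Checklist form: nullifier includes a secret only the owner knows.
const nullifierSecret = (noteId: string, ownerSecret: Buffer): string =>
  h("nullifier", noteId, ownerSecret);

// Audit check: does a ledger commitment match any value in the known domain
// when no salt is used? A non-null result means the "private" value is readable.
function matchKnownDomain(commitment: string, domain: string[]): string | null {
  for (const candidate of domain) {
    if (commitUnsalted(candidate) === commitment) return candidate;
  }
  return null;
}

// Constructed sample data (a real salt and secret must be random per use).
const DOMAIN = ["yes", "no", "abstain"];
const SALT = Buffer.alloc(32, 0x07);
const OWNER_SECRET = Buffer.alloc(32, 0x2a);

console.log(matchKnownDomain(commitUnsalted("no"), DOMAIN));
console.log(matchKnownDomain(commitSalted("no", SALT), DOMAIN));
console.log(nullifierPublic("note-1") === h("nullifier", "note-1"));
console.log(nullifierSecret("note-1", OWNER_SECRET) === nullifierPublic("note-1"));
```

A match from `matchKnownDomain` on a ledger value maps to the Critical row (privacy broken); a nullifier reproducible from public inputs maps to the High row (predictable nullifier).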

TypeScript dApps

  • Wallet availability checked
  • Transactions properly confirmed
  • No secrets logged or exposed
  • Private state encrypted
  • Error boundaries in place
  • HTTPS enforced
