Security Auditing for Midnight Network
Expert knowledge for auditing Midnight Network contracts and privacy-preserving applications.
Security Priorities
- Privacy Protection - Ensure sensitive data stays private
- Cryptographic Integrity - Verify commitments, nullifiers, proofs
- Access Control - Validate authorization patterns
- Input Validation - Check all assertions and bounds
- State Safety - Prevent manipulation and reentrancy
Severity Classification
| Level | Icon | Description | Examples |
|---|---|---|---|
| Critical | 🔴 | Funds at risk, privacy broken | Witness exposure, key leak |
| High | 🟠 | Significant leak or bypass | Predictable nullifier |
| Medium | 🟡 | Logic errors, incomplete checks | Missing validation |
| Low | 🟢 | Best practice violations | Poor error messages |
| Info | ℹ️ | Improvement suggestions | Code clarity |
Quick Checklist
Compact Contracts
- All assertions have descriptive messages
- Sensitive data uses witness or secret
- No plaintext secrets in ledger
- Commitments use salt (hash2)
- Nullifiers include secret context
- Range checks before arithmetic
- Access control where needed
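The two cryptographic items above, "commitments use salt" and "nullifiers include secret context", can be checked black-box against any commitment/nullifier derivation. The following is an added example, not code from the midnight-dev-skills repository; it assumes a hypothetical `Scheme` interface and uses Node's SHA-256 as a stand-in for Midnight's circuit hash, since the checks depend only on the scheme's structure, not on the hash function.

```typescript
import { createHash, randomBytes } from "node:crypto";

// SHA-256 stands in for the contract's circuit hash (assumption for this example).
function h(...parts: (string | Buffer)[]): string {
  const hash = createHash("sha256");
  for (const p of parts) hash.update(p);
  return hash.digest("hex");
}

// Hypothetical interface: how a contract derives a commitment from a value plus
// salt, and a nullifier from the holder's secret plus the commitment.
interface Scheme {
  commit(value: string, salt: Buffer): string;
  nullify(secret: Buffer, commitment: string): string;
}

// Anti-pattern: salt ignored, nullifier derived from public data only.
const weakScheme: Scheme = {
  commit: (value) => h("commit", value),
  nullify: (_secret, commitment) => h("nullifier", commitment),
};

// Checklist-conforming scheme: salted commitment, nullifier bound to the secret.
const saltedScheme: Scheme = {
  commit: (value, salt) => h("commit", value, salt),
  nullify: (secret, commitment) => h("nullifier", secret, commitment),
};

interface Finding { severity: "High" | "Medium"; issue: string }

// Black-box audit of a scheme against the two checklist items plus the
// determinism property a nullifier set relies on. Severities follow the
// classification table above (predictable nullifier = High).
function auditScheme(s: Scheme): Finding[] {
  const findings: Finding[] = [];
  const value = "42";
  const [saltA, saltB, secretA, secretB] = [0, 1, 2, 3].map(() => randomBytes(32));
  const cA = s.commit(value, saltA);
  // Same value, different salt must give different commitments; otherwise equal
  // values are linkable across the ledger and guessable for small value domains.
  if (cA === s.commit(value, saltB)) {
    findings.push({ severity: "High", issue: "commitment ignores salt: equal values give equal, linkable commitments" });
  }
  // Different secrets, same commitment must give different nullifiers; otherwise
  // anyone who sees the commitment can compute the nullifier.
  if (s.nullify(secretA, cA) === s.nullify(secretB, cA)) {
    findings.push({ severity: "High", issue: "nullifier does not depend on the secret: predictable from the public commitment" });
  }
  // A nullifier must still be deterministic, or the ledger cannot detect reuse.
  if (s.nullify(secretA, cA) !== s.nullify(secretA, cA)) {
    findings.push({ severity: "Medium", issue: "nullifier is non-deterministic: reuse detection fails" });
  }
  return findings;
}
```

Running `auditScheme(weakScheme)` yields both High findings, while `auditScheme(saltedScheme)` yields none.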
TypeScript dApps
- Wallet availability checked
- Transactions properly confirmed
- No secrets logged or exposed
- Private state encrypted
- Error boundaries in place
- HTTPS enforced
References
- references/vulnerabilities.md - Common vulnerability patterns
Assets
- assets/audit-report.md - Audit report template