Good day everyone,
I hope you are all well and had an excellent weekend, welcome to CryptoGod-1’s blog on all things crypto. Today I will once again be writing about WorldCoin, and this time it is about a vulnerability which was discovered by the Blockchain Security Firm CertiK.
Vulnerability in the WorldCoin Protocol
The blockchain security firm CertiK has disclosed the discovery of a vulnerability in the Worldcoin protocol, one which allowed unauthorized access for an Orb operator. This was revealed in a recent tweet by the firm, in which they explained that the vulnerability allowed anyone to bypass the verification requirements and thus become an Orb operator. This could be done without meeting the necessary criteria, such as being a legitimate company or passing a vetting interview.
"Through this security vulnerability, a malicious attacker could bypass the verification and strict participation criteria of the Worldcoin Operator acceptance process."
Generally the process only allows legitimate businesses that go through rigorous and strict identification verification to run an Orb operation. This operation allows the business to collect users data by scanning their iris. The report by CertiK noted that it had reported the issue to WorldCoin via a whitehack disclosure procedure, and the projects security team quickly addressed the vulnerability with a fix. CertiK went on to verify and confirm that the fix had mitigated the threat.
This comes just a week after WorldCoin had released a report on security audits conducted by Nethermind and Least Authority. Those audits covered a variety of areas, such as vulnerabilities in the code which could lead to adversarial actions and other attacks, along with protection against malicious attacks and exploitation methods.
The audit by Nethermind had identified 26 items during the security assessment, and 24 of those were fixed after the verification stage. One other was mitigated, and one was acknowledged. In the Least Authority audit, it was discovered that three issues existed with the protocol, and six suggestions were provided. All of these were either resolved or given planned resolutions, according to WorldCoin.
Kenya Issues Continue
In the last week the Ministry of the Interior for Kenya has issued a decree which has suspended WorldCoin from signing up further users in its nation, citing their concerns about its activities’ authenticity, legality, security, financial services, and data protection. An official announcement from the ministry has stated that they are beginning and investigation into the project. The Interior Minister Kithure Kindiki has stated:
“Relevant security, financial services and data protection agencies have commenced inquiries and investigations to establish the authenticity and legality of the aforesaid activities”
Currently valued at over $2 billion, WorldCoin is aiming to create a “proof-of-personhood” network which will be done by registering and verifying that its users are human. This is achieved through the scanning of the users iris. The project has gained plenty of attention, although a lot of negative attention has arisen around privacy and security concerns. The biometric data being collected has also raised questions about how this sensitive data will be stored, protected, and also potentially used.
More problems for the controversial project, as questions over its legitimacy, consent requirements, and much more keep reappearing. It will be interesting to keep an eye on the developments of this project going forward.
Have a great day.
Referral Links and Follow Me: