Blockchain security firm CertiK has disclosed a vulnerability in the Worldcoin protocol that allowed unauthorized access as an Orb operator.
In a recent Twitter thread, CertiK explained that the vulnerability allowed anyone to bypass the verification requirements to become an Orb operator without meeting the necessary criteria, such as being a legitimate company or passing a vetting interview.
"Through this security vulnerability, a malicious attacker could bypass the verification and strict participation criteria of the Worldcoin Operator acceptance process," the company wrote.
The usual process allows only legitimate businesses that pass strict identification verification to run an Orb operation, which collects users' iris information.
CertiK said it reported the issue to Worldcoin through a whitehat disclosure procedure, and the project's security team quickly addressed the vulnerability with a fix.
"CertiK has since verified and confirmed that the fix mitigated the threat," the company wrote.
Notably, CertiK's disclosure comes just a week after Worldcoin released a report on security audits conducted by Nethermind and Least Authority.
The audits covered various areas, including vulnerabilities in the code that could lead to adversarial actions and other attacks, as well as protection against malicious attacks and exploitation methods.
Nethermind's audit identified 26 items during the security assessment, of which 24 were fixed after the verification stage, one was mitigated, and one was acknowledged.
On the other hand, Least Authority discovered three issues in the protocol and provided six suggestions, all of which have either been resolved or have planned resolutions, according to Worldcoin.
Last week, Kenya’s Ministry