Worldcoin releases audit reports on resolved security issues.

The Worldcoin Protocol: Security Audits and Controversies

Worldcoin, known for its innovative Proof of Humanity protocol, recently released audit reports by security consulting firms Nethermind and Least Authority. These reports come at a time when the project is facing criticism regarding its data collection practices. Understanding the significance of these audits requires some background on the project and the controversies surrounding it.

Worldcoin and the Proof of Humanity Protocol

Worldcoin first gained prominence in 2021 when it introduced its ambitious goal of distributing free tokens to individuals who could prove their humanness. This verification was facilitated through the use of an iris scanning device called the “Orb.” The project was co-founded by Sam Altman, a renowned AI developer and co-founder of OpenAI.

The main motivation behind Worldcoin’s Proof of Humanity protocol was to address the rising concern of AI bots infiltrating various platforms, posing a threat to human users’ privacy and security. The Orb device provided a means for individuals to verify their humanness without compromising privacy. It generated a hash of the user’s iris scan, eliminating the need to store the actual scan.

Controversies Surrounding Worldcoin

Worldcoin’s public launch on July 25, after two years of development and beta testing, was met with immediate criticism and regulatory scrutiny. The Information Commissioner’s Office in the United Kingdom announced that it was considering investigating the project for potential violations of data protection laws. Similarly, the French data protection agency CNIL also raised concerns about the legality of Worldcoin’s practices.

The crypto community itself was divided over the project’s launch. Some saw it as a significant step toward safeguarding individuals from malicious AIs, whereas others viewed it as a dystopian future that endangered privacy. These debates reflect the broader concerns regarding the trade-off between privacy and security in the digital age.

The Importance of Security Audits

To address the growing concerns and ensure the protocol’s integrity, Worldcoin engaged security consulting firms Nethermind and Least Authority to conduct comprehensive security audits. These audits covered, among other areas, resistance to Distributed Denial of Service (DDoS) attacks, implementation errors, key storage and management, data leakage, and information integrity.

Nethermind’s audit report identified 26 security issues, 24 of which were fixed during the verification stage. The remaining issues were either mitigated or acknowledged. Least Authority’s audit discovered three issues and provided six suggestions, all of which were addressed or planned for resolution. The clear identification and resolution of these security issues demonstrate the project’s commitment to building a robust and trustworthy blockchain protocol.

Technical Details of the Audit Reports

The audit reports released by Nethermind and Least Authority dive into technical details related to the protocol’s security. These details offer deeper insights into the vulnerabilities that were discovered and the measures taken to address them. Some of the key findings and actions taken include:

  • Dependency concerns: The audits identified certain issues arising from dependencies on Semaphore and Ethereum, such as elliptic curve precompile support or Poseidon hash function configuration. These issues were appropriately resolved or planned for resolution.
  • DDoS resistance: The audits focused on evaluating the protocol’s resistance against DDoS attacks, a common threat faced by blockchain networks. The reports highlight the steps taken to mitigate these risks and ensure the protocol’s stability.
  • Key storage and management: Proper storage and management of encryption keys are crucial for maintaining the security of a blockchain network. The audits examined the protocol’s key storage mechanisms and recommended improvements where necessary.
  • Data leakage and integrity: Maintaining data privacy and integrity is essential to uphold user trust. The audits assessed the protocol’s data protection measures and suggested enhancements to prevent any potential data leaks.


The recent security audits conducted on the Worldcoin protocol by Nethermind and Least Authority demonstrate the project’s commitment to transparency and accountability. By addressing the identified security issues and implementing the suggested improvements, Worldcoin aims to enhance the security and integrity of its Proof of Humanity protocol. These audits serve as a testament to the importance of rigorous security evaluations in the blockchain industry, ensuring the protection of user data and fostering trust in blockchain-based solutions.