trynullsec/nullsec-s1-zk — explained in plain English
Analysis updated 2026-05-18
Scan a Circom circuit for underconstrained signals before deploying it.
Audit Halo2-style Rust circuits for missing public bindings and selector risks.
Generate exploit hypotheses for potential zero-knowledge proof bugs.
Add SARIF output to a CI pipeline for automated code scanning.
| trynullsec/nullsec-s1-zk | alexmt/mobile-for-argocd | alvinunreal/juice | |
|---|---|---|---|
| Stars | 32 | 32 | 32 |
| Language | TypeScript | TypeScript | TypeScript |
| Setup difficulty | easy | moderate | easy |
| Complexity | 4/5 | 3/5 | 3/5 |
| Audience | researcher | ops devops | developer |
Figures from each repo's GitHub metadata at analysis time.
Best used by someone who already understands Circom or Halo2 circuit design.
Nullsec S1-ZK is an open-source static analysis tool for zero-knowledge circuits. Zero-knowledge proofs are a cryptographic technique used in blockchain protocols and privacy systems, allowing someone to prove they know something without revealing what it is. The circuits that implement these proofs need to be written carefully, because a flaw in the constraint logic can let an attacker construct a fake proof that the system accepts as valid. This class of bug is called an underconstraint. The tool targets two circuit formats: Circom, which has a purpose-built language for writing ZK circuits, and Halo2-style Rust, which is a framework used by projects like the Zcash Orchard protocol. For Circom, S1-ZK builds a graph of signals and constraints and checks for specific unsafe patterns such as signals that are assigned but never constrained, missing range checks, unsafe division, and unbound inputs or outputs. For Halo2, it uses pattern-based analysis on the Rust source since a full Rust parser is not included. A standard scan runs in one command: npx @trynullsec/s1-zk scan ./circuits. An optional deep mode goes further by inferring what the circuit is supposed to prove from naming conventions and graph structure, checking whether the actual constraints support those proof obligations, and generating hypotheses about how a malicious prover might exploit any gaps. Output can be formatted as terminal text, JSON, Markdown, or SARIF for integration with code scanning workflows. The tool is fully local and deterministic, meaning it does not send any code to external services and produces the same results on every run. On the bundled synthetic benchmark, it achieves 100% precision and 92.86% recall, with one known miss in a Halo2 selector-booleanity case. The repository is clear that this is static analysis, not formal verification, and does not replace a specialist ZK audit. The package is published to npm under @trynullsec/s1-zk and released under the MIT license.
A local, deterministic static analysis tool that scans Circom and Halo2 zero-knowledge circuits for underconstraint bugs and generates exploit hypotheses.
Mainly TypeScript. The stack also includes TypeScript, Circom, Halo2.
MIT licensed, free to use, modify, and distribute including for commercial purposes.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.