aaronbassett/compact-reviewer:security-review
plugins/compact-reviewer/skills/security-review/SKILL.md
Use when reviewing Compact contracts for security vulnerabilities, privacy leaks, disclosure violations, access control issues, or ZK-specific attack vectors.
testing
Updated Mar 26, 2026
$ install --global
skillsauthnpx skillsauth add aaronbassett/midnight-knowledgebase compact-reviewer:security-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
4 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
4
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 12:36 PM45.1s1 file scanned
SKILL.md
- name:
- compact-reviewer:security-review
- description:
- Use when reviewing Compact contracts for security vulnerabilities, privacy leaks, disclosure violations, access control issues, or ZK-specific attack vectors.
Security Review Skill
Comprehensive security analysis for Compact smart contracts on the Midnight Network.
When to Use
This skill activates for queries about:
- Security vulnerabilities in Compact contracts
- Privacy and disclosure issues
- Access control verification
- ZK-specific attack patterns
- Audit and security review
Trigger words: security, vulnerability, audit, disclosure, access control, privacy leak, attack vector
Quick Reference
Security Checklist
| Category | Check | Severity if Failed |
|----------|-------|-------------------|
| Access Control | Exported circuits verify caller authorization | 🔴 Critical |
| Disclosure | All public outputs use disclose() | 🔴 Critical |
| Input Validation | All witness inputs validated/bounded | 🔴 Critical |
| State Protection | Ledger writes have authorization checks | 🟠 High |
| ZK Attacks | Low-entropy witnesses not used in hashes | 🔴 Critical |
| Timing | No witness-dependent control flow | 🟠 High |
Common Vulnerabilities
// ❌ Missing access control
export circuit withdraw(amount: Uint<64>): [] {
balance.decrement(amount); // Anyone can call!
}
// ✅ With access control
export circuit withdraw(amount: Uint<64>): [] {
const caller = get_caller_secret();
assert hash(caller) == owner_hash.read();
balance.decrement(amount);
}
// ❌ Disclosure violation
export circuit get_balance(): Uint<64> {
return balance.read(); // Missing disclose!
}
// ✅ Explicit disclosure
export circuit get_balance(): Uint<64> {
return disclose(balance.read());
}
ZK Attack Vectors
| ID | Attack | Risk | Detection |
|----|--------|------|-----------|
| AV-03 | Nullifier Linkability | 🔴 Critical | Low-entropy input to persistentHash() |
| AV-06 | Witness Entropy Exhaustion | 🔴 Critical | Bounded witness types (Uint<8>, enums) |
| AV-01 | Implicit Taint Leakage | 🟠 High | Witness-dependent control flow |
| AV-08 | Circuit Under-Constraint | 🔴 Critical | Missing assertions on witness ranges |
Review Process
1. Access Control Verification
For each export circuit:
- Identify who should be authorized to call it
- Verify authorization check exists (witness + assertion)
- Check authorization uses proper cryptographic verification
// Pattern: Authorization check
witness get_admin_key(): Bytes<32>;
export circuit admin_action(): [] {
const admin = get_admin_key();
assert hash(admin) == admin_hash.read(); // ✓ Crypto verification
// ... perform action
}
2. Disclosure Analysis
For each value returned from a circuit:
- Trace value origin (ledger, witness, computation)
- Verify
disclose()is used for public outputs - Check for implicit disclosure via ledger writes
// Must use disclose() for:
// - Return values from export circuits
// - Values derived from witnesses that become public
// - Ledger state that should be visible
3. Input Validation
For each witness function:
- Check type bounds (Uint<N> has 2^N values)
- Verify assertions bound the valid range
- Look for missing null/empty checks
// ❌ Unbounded witness
witness get_choice(): Uint<8>; // 256 possibilities
export circuit vote(): [] {
const choice = get_choice();
voteTally[choice].increment(1); // No bounds check!
}
// ✅ Bounded witness
export circuit vote(): [] {
const choice = get_choice();
assert choice < 5; // Only 5 valid choices
voteTally[choice].increment(1);
}
4. ZK-Specific Checks
Run through attack vector checklist:
| Check | Look For | If Found |
|-------|----------|----------|
| AV-01 | if disclose(witness) or witness in loop count | Flag timing leak |
| AV-03 | persistentHash(low_entropy) | Flag nullifier linkability |
| AV-06 | Uint<1-16> in security-critical paths | Flag brute-force risk |
| AV-08 | Witness used without range assertion | Flag under-constraint |
References
- Vulnerability Checklist - Complete vulnerability catalog
- Disclosure Rules - Privacy leak detection patterns
- ZK Attack Vectors - AV-01 through AV-12 documentation
Related Skills
- critical-issues - Bug and logic error detection
- compact-core/privacy-disclosure - Compact privacy model
- compact-core/standard-library - Crypto function safety
Related Skills
aaronbassett/midnight-tooling:midnight-setup
tools
VerifiedTrustedCommunity
Use when setting up Midnight development environment, installing Compact compiler and developer tools, configuring proof server, verifying prerequisites, or getting started with Midnight development.
SKILL.mdUpdated Mar 26, 2026
aaronbassett/plugins/midnight-tooling/skills/midnight-debugging
tools
VerifiedTrustedCommunity
--- name: midnight-tooling:midnight-debugging description: Use when encountering Midnight errors like "compact: command not found", "ERR_UNSUPPORTED_DIR_IMPORT", version mismatches, proof server failures, "@midnight-ntwrk" package errors, or compilation failures. --- # Midnight Environment Debugging Expert knowledge for identifying and resolving common Midnight development toolchain issues. ## Diagnostic Approach When encountering Midnight-related errors, follow this systematic approach: 1.
SKILL.mdUpdated Mar 26, 2026
aaronbassett/midnight-tooling:midnight-compatibility
tools
VerifiedTrustedCommunity
Use when checking Midnight version compatibility, understanding pragma language_version, verifying compiler and runtime version relationships, or troubleshooting version mismatch errors between Midnight components.
SKILL.mdUpdated Mar 26, 2026
aaronbassett/midnight-tooling:midnight-ci
tools
VerifiedTrustedCommunity
Use when setting up CI/CD for Midnight projects, configuring GitHub Actions for Compact contract compilation, running TypeScript tests in CI, validating version consistency, or automating contract builds.
SKILL.mdUpdated Mar 26, 2026