Crypto security firm CertiK reported a vulnerability in the Worldcoin protocol that allowed anyone to bypass the verification process and become an Orb operator, a security risk the Worldcoin team has since fixed.
CertiK, a crypto security firm, recently discovered a security flaw in the Worldcoin protocol that allowed an attacker to bypass the verification process and become an Orb operator. Under normal circumstances, only legitimate businesses that pass Worldcoin's strict identification verification process can run Orb operations, which collect users' iris information.
CertiK reported the issue to Worldcoin through a standard whitehat disclosure procedure, and the project's security team quickly confirmed and resolved the vulnerability. CertiK verified that the fix mitigated the threat and plans to release detailed information on the finding and its mitigation in the future.
This disclosure follows a report from Worldcoin detailing security audits conducted by audit firms Nethermind and Least Authority. Nethermind flagged 26 items during its security assessment, 24 of which were fixed, one was mitigated, and the last one acknowledged. Least Authority identified three issues and offered six suggestions, which have either been resolved or are in the process of being addressed, according to Worldcoin.