Blog

World – Mobile IrisCode Self-Custody Upgrade (2nd Review)

We performed a second security audit of World’s MPC Circuit within the Mobile IrisCode Self-Custody Upgrade project, which allows users to self-host biometric data on their personal device while supporting high-integrity authentication for the World ID service. Our final audit report was completed on March 7, 2025. To read the

Read More »

Navigating the Audit Process: Client Engagement and Technical Methodology

In today’s rapidly evolving tech landscape, ensuring robust security is more than a checklist—it’s a collaborative journey. At Least Authority, our process begins by working closely with our client to define the audit scope and secure the essential documentation and resources. Through in-depth technical discussions, we pinpoint key concerns and

Read More »

Exploring AI-Assisted Security Audits

Can Artificial Intelligence Be Integrated Into Our Workflow? At Least Authority, we are always exploring innovative ways to enhance our security auditing processes and improve our ability to identify vulnerabilities. One area of particular interest is the usefulness of various Artificial Intelligence (AI) models and how they can be integrated

Read More »

World – SMPC Protocol (3rd Review)

Our team performed a review of the recent changes to World‘s secure multi-party computation protocol V2 (SMPC Protocol), which is used to match a given iris against a database of iris shares. In this third review, we audited the changes implemented in the second version of the protocol since our

Read More »

Warlock Labs – Sylow and SolBLS

Warlock has requested that Least Authority perform a security audit of Sylow and SolBLS. Sylow is a Rust library for elliptic curve cryptography, specifically tailored for the BN254 curve, and SolBLS is a Solidity library optimized for on-chain BLS signature verification. Our final audit report was completed on January 6,

Read More »

Innovating with Purpose: Our Contributions in 2024

The year 2024 was one of significant growth and collaboration across the Web3 landscape. From new grant funding initiatives to greater emphasis on security audits and privacy protections, the entire space saw a surge in technological innovation, research, and community-driven projects. At Least Authority, we leveraged our decade of experience

Read More »

QEDIT – OrchardZSA Protocol for Zcash

As the Zcash Ecosystem Security Lead, Zcash Community Grants (ZCG) has requested that Least Authority perform a security audit of the OrchardZSA Protocol by the QEDIT team. OrchardZSA is an extension of the Zcash Orchard protocol. Our final audit report was completed on January 3, 2025*.  To read the full

Read More »

World – Mobile IrisCode Self-Custody Upgrade

We performed a security audit of World‘s Mobile IrisCode Self-Custody Upgrade project, which allows users to self-host biometric data on their personal device while supporting authentication for the World ID service. Our final audit report was completed on January 2, 2025. To read the full report, including our findings, click

Read More »
Archives