The smart contract auditor CertiK reported a security vulnerability in Worldcoin’s Orb. The vulnerability was found in Orb’s operator functionality.
CertiK reported the potential breach to the Worldcoin team on 29th May, which shows the security analysis was done before the project's launch on 24th July.
“Through this security vulnerability,” CertiK said, “a malicious attacker could bypass the verification and strict participation criteria of the Worldcoin Operator acceptance process.”
Had it been exposed publicly, an attacker could have changed the Orb operator criteria, allowing any entity to operate and access the Orb without official verification. Worldcoin’s security team fixed the issue before releasing the project to the public.
The Worldcoin team has set up a strict verification process for parties interested in becoming an Orb operator. Under the rules, a business or candidate operator needs to be a registered company, have proper identification or go through a vetting interview.
Orbs are the physically installed objects that enable verification while creating a World ID. An Orb scans people's irises, and they receive Worldcoin (WLD) in return. There are currently 119 Orbs installed, with the company aiming to roll out 1500 Orbs around the globe.
Worldcoin’s popularity is rising, and along with that it is also facing resistance in several countries. Last week, the Kenyan government suspended Worldcoin, saying it needs to be investigated first to clarify whether it poses any risk to the general public.