Starknet Privacy Pool Audit Finds Medium-Risk Liveness and Audit Gaps
OpenZeppelin completed an audit of the Starknet Privacy Pool (c5e2fb5), a UTXO-based privacy protocol for the STRK20 standard on Starknet. The system uses channels, notes, and zero-knowledge proofs for private token transfers. A total of 11 issues were found, including 2 medium and 5 low severity. Both medium issues were resolved after the audit.

The first medium issue involves invalid auditor public keys: the contract checks only that the key is non-zero, not that it corresponds to a valid curve point. If an invalid key is set, all operations relying on ECDH encryption, such as user registration (set_viewing_key) and withdrawals, will revert, effectively bricking the protocol until governance intervenes.

The second medium issue arises during auditor key rotation: previously encrypted data remains locked under the old key, causing a permanent audit gap for pre-rotation channels. A new auditor cannot decrypt user activity on those channels, breaking continuous surveillance.

Low-severity findings include improper signature validation ordering, incompatibility with fee-on-transfer tokens, generic panics instead of explicit errors, a missing 120-bit constraint in pack, and ephemeral secret reuse in ECDH that could harm channel privacy.

The report also notes trust assumptions: users rely on off-chain proving services, governance can upgrade with no delay, and privacy depends on client-side randomness. The audit emphasizes that __execute__ should never be called on-chain because private keys appear in calldata. Overall, while no critical or high issues were found, the medium findings highlight significant liveness and audit continuity risks that were addressed before deployment.
Key facts
- Medium: Invalid auditor public keys can brick registration and withdrawals; fixed in PR #720.
- Medium: Auditor key rotation breaks audit continuity for pre-rotation channels; fixed in PR #703.
- Low: Signature validation occurs after expensive compilation in __execute__.
- Low: Fee-on-transfer and rebasing tokens break nominal token accounting.
- Low: Ephemeral secret reuse in ECDH encryption breaks channel privacy.
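
To make the first medium finding concrete, the sketch below contrasts a non-zero-only key check with a check that the key actually lies on the curve. It is an added illustration in Python, not code from the audited Cairo contracts or from the OpenZeppelin report. Assumptions: the auditor key is stored as an x-coordinate on the STARK curve, and the function names and the sample range of candidate keys are constructed for this example.

```python
# Added illustration, not the audited contract's code. Assumption: the auditor
# key is an x-coordinate on the STARK curve y^2 = x^3 + ALPHA*x + BETA over F_P.
P = 2**251 + 17 * 2**192 + 1
ALPHA = 1
BETA = 3141592653589793238462643383279502884197169399375105820974944592307816406665

def weak_check(x: int) -> bool:
    """The check described in the finding: rejects only the zero key."""
    return x != 0

def curve_rhs(x: int) -> int:
    return (pow(x, 3, P) + ALPHA * x + BETA) % P

def strict_check(x: int) -> bool:
    """Accept x only if some y satisfies the curve equation (Euler's criterion)."""
    return 0 < x < P and pow(curve_rhs(x), (P - 1) // 2, P) == 1

def sqrt_mod_p(a: int) -> int:
    """Tonelli-Shanks square root; caller guarantees a is a non-zero residue."""
    q, s = P - 1, 0
    while q % 2 == 0:
        q, s = q // 2, s + 1
    z = next(n for n in range(2, 100) if pow(n, (P - 1) // 2, P) == P - 1)
    m, c, t, r = s, pow(z, q, P), pow(a, q, P), pow(a, (q + 1) // 2, P)
    while t != 1:
        i, probe = 0, t
        while probe != 1:  # least i with t^(2^i) == 1
            probe, i = probe * probe % P, i + 1
        b = pow(c, 1 << (m - i - 1), P)
        m, c, t, r = i, b * b % P, t * b * b % P, r * b % P
    return r

def lift_key(x: int) -> tuple[int, int]:
    """Models the step every ECDH caller depends on: fails if x is off-curve."""
    if not strict_check(x):
        raise ValueError("auditor key is not the x-coordinate of a curve point")
    return x, sqrt_mod_p(curve_rhs(x))

def classify(candidates):
    """Split constructed candidate keys into (usable, bricking) lists."""
    usable = [x for x in candidates if strict_check(x)]
    bricking = [x for x in candidates if weak_check(x) and not strict_check(x)]
    return usable, bricking

if __name__ == "__main__":
    usable, bricking = classify(range(1, 33))  # constructed sample keys
    print("pass the non-zero check but are off-curve:", bricking)
    print("valid keys:", usable)
```

Running the on-curve check at the moment the key is set rejects a bad value once, instead of letting every later ECDH-dependent call fail.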