Certik Expresses Concerns About Orb Operator Onboarding, Worldcoin Responds

Certik, the most popular smart contract auditor, expressed security concerns about the Worldcoin user onboarding process. Attackers could allegedly become Orb operators by bypassing the verification process.

This is in addition to Worldcoin’s regulatory hurdles in Kenya, France, the UK and Germany.

Certik’s Comments

On Aug 3, 2023, Certik posted on X (Twitter) that there was a security vulnerability in Worldcoin.

This would allow a malicious operator to bypass Worldcoin’s strict verification process and operate an Orb, which would grant them access to iris scans, which are sensitive biometric data.

The team then reported the security vulnerability to Worldcoin’s security team, who said they had fixed the issue, and Certik then confirmed the fix.

What is an Orb?

An Orb is an iris scanner with a shiny, ball-like structure. It scans the iris for biometric verification. The Orb can also scan QR codes.

Worldcoin Orb, Source Business Insider

An orb is a device used by Worldcoin and its operators to scan the iris of their onboarded customers. In return, the users will receive some Worldcoin.

Currently, Worldcoin rewards its users with some cryptocurrency (WLD tokens) if they sign up using Orbs.