
The ZK Circuit Kill Chain: 7 Zero-Knowledge Proof Vulnerabilities That Have Cost DeFi Over $200M — And How to Audit for Each One
Zero-knowledge proofs were supposed to be the silver bullet — mathematically provable, cryptographically sound, "fraud is literally impossible." Then Foom Cash lost $2.3M in March 2026 because someone misconfigured a verifier circuit, and suddenly "mathematically provable" felt a lot less comforting.

Here's the uncomfortable truth: ZK circuits are the most complex code in your entire protocol stack, and almost nobody audits them properly. The constraints are invisible. The bugs are non-obvious. And when they fail, they fail catastrophically — allowing attackers to forge proofs, mint tokens from nothing, or drain bridges without leaving a trace.

This article breaks down the 7 vulnerability classes in ZK circuits that have led to real losses, with concrete detection patterns and code-level fixes for each.

1. Under-Constrained Circuits: The Silent Proof Forger

What it is: A ZK circuit that doesn't fully constrain all witness values, allowing multiple valid witnesses for a single public in
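
An added illustration of the under-constrained class introduced above (not code from the original article): a toy IsZero gadget over a small prime field, written with and without its second constraint, plus a brute-force audit check that the output is uniquely determined by the input. The field size, the gadget and all function names are assumptions made for this example.

```python
# Added illustration: brute-force determinism check for a toy circuit.
# P, the gadget and every name here are constructed for this example.
from itertools import product

P = 97  # tiny prime field so that every witness can be enumerated


def is_zero_sound(x, inv, out):
    """IsZero gadget with both constraints: out = 1 - x*inv and x*out = 0."""
    return (out - (1 - x * inv)) % P == 0 and (x * out) % P == 0


def is_zero_underconstrained(x, inv, out):
    """Same gadget with the x*out = 0 constraint omitted."""
    return (out - (1 - x * inv)) % P == 0


def accepted_outputs(circuit, x):
    """All `out` values for which some witness `inv` satisfies the circuit."""
    return {out for inv, out in product(range(P), repeat=2)
            if circuit(x, inv, out)}


def ambiguous_inputs(circuit):
    """Inputs whose output is not uniquely fixed by the constraints."""
    return [x for x in range(P) if len(accepted_outputs(circuit, x)) != 1]


if __name__ == "__main__":
    # The sound gadget pins exactly one output for every input.
    print("sound gadget, ambiguous inputs:",
          ambiguous_inputs(is_zero_sound))
    # Without x*out = 0, every non-zero input admits many outputs,
    # including out = 1, i.e. a satisfying witness for "x is zero".
    bad = ambiguous_inputs(is_zero_underconstrained)
    print("under-constrained gadget, ambiguous inputs:", len(bad))
    print("outputs accepted for x = 5:",
          len(accepted_outputs(is_zero_underconstrained, 5)))
```

Exhaustive enumeration only works at toy field sizes; it is shown here to make the uniqueness property concrete, which is the property an audit of a real circuit has to establish by other means.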



