[x] Identify all external cryptographic libraries used (arkworks etc.).
[x] Check if library versions are up to date and still maintained.
[ ] Verify that security advisories for dependencies are addressed.
[ ] Ensure consistent use of the same library across components (no redundant or conflicting libraries).
[x] Confirm correct parameterization of hash functions (Poseidon2 and BLAKE2b).
[x] Verify domain separation is applied properly (unique DSTs, field fitting if needed).
[x] Ensure constants are generated deterministically and documented.
[ ] Audit Merkle tree / MMR implementations for collision resistance and proof correctness.
n/a
[ ] Check for misuse of sponge capacity/rate parameters.
[x] Confirm correct elliptic curve choice matches intended security level.
[ ] Verify nonce generation: deterministic or secure randomness (RFC6979, zeroization after use).
n/a
[ ] Audit serialization/deserialization for malleability or replay risks.
[ ] Ensure signature verification logic matches spec (including edge cases).