This article analyzes two critical zero-knowledge (ZK) proof vulnerabilities discovered by CertiK. The first, 'ZK Bug #1', was a soundness flaw in a zk-SNARK implementation allowing forged proofs. The second, 'ZK Bug #2', involved a trusted setup ceremony where a single malicious participant could compromise the entire system's security. The report details the technical causes, real-world implications, and essential mitigation strategies, emphasizing the need for rigorous auditing and secure multi-party computation (MPC) in ZK cryptography.