This article provides an in-depth analysis of two potential vulnerabilities in Zero-Knowledge Proof (ZKP) systems: the "Load8 Data Injection Attack" and the "Forgery Return Attack." The article details the technical specifics of these vulnerabilities, how they can be exploited, and the methods for fixing them. Additionally, it discusses the lessons learned from discovering these vulnerabilities during the auditing and formal verification processes of ZK systems and suggests best practices for ensuring the security of ZK systems.