diff --git a/src/protocol.rs b/src/protocol.rs
index 6c7b620..a1759d0 100644
--- a/src/protocol.rs
+++ b/src/protocol.rs
@@ -147,6 +147,11 @@ pub fn generate_proof(
 }
 
 /// Verifies a given semaphore proof
+///
+/// # Errors
+///
+/// Returns a [`ProofError`] if verifying fails. Verification failure does not
+/// necessarily mean the proof is incorrect.
 pub fn verify_proof(
     config: &SnarkFileConfig,
     root: &BigInt,
@@ -161,13 +166,17 @@ pub fn verify_proof(
     let pvk = prepare_verifying_key(&params.vk);
 
     let public_inputs = vec![
-        Fp256::from(root.to_biguint().unwrap()),
-        Fp256::from(nullifier_hash.to_biguint().unwrap()),
-        Fp256::from(hash_signal(signal).to_biguint().unwrap()),
+        Fp256::from(root.to_biguint().expect("can not be negative")),
+        Fp256::from(nullifier_hash.to_biguint().expect("can not be negative")),
+        Fp256::from(
+            hash_signal(signal)
+                .to_biguint()
+                .expect("can not be negative"),
+        ),
         Fp256::from(
             hash_external_nullifier(external_nullifier)
                 .to_biguint()
-                .unwrap(),
+                .expect("can not be negative"),
         ),
     ];
     let result = ark_groth16::verify_proof(&pvk, proof, &public_inputs)?;
diff --git a/src/util.rs b/src/util.rs
index f0ebd2f..a0f7fe6 100644
--- a/src/util.rs
+++ b/src/util.rs
@@ -3,12 +3,15 @@ use num_bigint::{BigInt, Sign};
 use poseidon_rs::{Fr, FrRepr};
 
 #[must_use]
+#[allow(clippy::missing_panics_doc)] // TODO: Remove panics
 pub fn fr_to_bigint(fr: Fr) -> BigInt {
     let mut bytes = [0_u8; 32];
     fr.into_repr().write_be(&mut bytes[..]).unwrap();
     BigInt::from_bytes_be(Sign::Plus, &bytes)
 }
 
+#[must_use]
+#[allow(clippy::missing_panics_doc)] // TODO: Remove panics
 pub fn bigint_to_fr(bi: &BigInt) -> Fr {
     // dirty: have to force the point into the field manually, otherwise you get an
     // error if bi not in field