Potential security bug with the zk-SNARK verifier #34
Comments
@weijiekoh thanks for the issue. Going over the linked issues, it looks like one of the ways this could be addressed is by validating all inputs in
Yes, sounds good! I also recommend range-checking the proof elements as is done here: https://github.com/appliedzkp/semaphore/blob/master/contracts/sol/verifier.sol#L199
Expected Behavior
The `Verifier.verify()` function, not the functions that call it (i.e. `Shield.createMSA()` and `Shield.createPO()`), should require that each public input to the snark is less than the scalar field:

Actual Behavior
While the `Shield.createMSA()` and `Shield.createPO()` functions may not be vulnerable due to the way they hash some variables and check if the single public input matches the hash, other circuits in the future may be vulnerable if the developer does not do the required check. To avoid this problem entirely, perform the check in the `Verifier.verify()` function. This bugfix should probably be done upstream in the Nightfall repository.

See also:
semaphore-protocol/semaphore#16
https://github.com/EYBlockchain/nightfall/pull/96
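Added example, not code from Nightfall or the Baseline project, modelling why the range check belongs in `Verifier.verify()`: a Groth16 verifier only uses each uint256 public input modulo the BN254 scalar field r, so a hypothetical caller that does not rebuild and compare the input itself (the `NullifierRegistry` below is a constructed stand-in, unlike `Shield.createMSA()`/`createPO()`) would accept one valid proof again under the aliased word `input + r` unless the verifier rejects non-canonical inputs. The nullifier value is constructed; the pairing check is not modelled.

```python
# Added example, not Nightfall or Baseline code: why Verifier.verify() should range-check inputs.

# Order r of the BN254 (alt_bn128) scalar field, the SNARK_SCALAR_FIELD in Semaphore's verifier.sol
SNARK_SCALAR_FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617

def inputs_in_field(inputs):
    """The check the Verifier itself should perform: each public input is a canonical
    field element, 0 <= x < r. Returns False where the Solidity require() would revert."""
    return all(0 <= x < SNARK_SCALAR_FIELD for x in inputs)

def verifier_accepts(proof_inputs, submitted_inputs, range_check):
    """Model of how a Groth16 verifier treats public inputs (the pairing is not modelled).
    The verification-key linear combination is a scalar multiplication, so a uint256 input
    only contributes its value mod r: a proof valid for proof_inputs also passes for any
    submitted_inputs congruent to them unless the range check rejects them first."""
    if range_check and not inputs_in_field(submitted_inputs):
        return False  # require(input[i] < SNARK_SCALAR_FIELD) reverts here
    reduce = lambda xs: [x % SNARK_SCALAR_FIELD for x in xs]
    return reduce(submitted_inputs) == reduce(proof_inputs)

class NullifierRegistry:
    """Hypothetical caller that, unlike Shield.createMSA()/createPO(), does not rebuild and
    compare the public input itself and keys its spent set by the raw uint256 word."""

    def __init__(self, range_check):
        self.range_check = range_check
        self.spent = set()

    def submit(self, proof_inputs, submitted_inputs):
        nullifier = submitted_inputs[0]
        if nullifier in self.spent:
            return False
        if not verifier_accepts(proof_inputs, submitted_inputs, self.range_check):
            return False
        self.spent.add(nullifier)
        return True

def accepted_submissions(range_check):
    """How many times one valid proof is accepted when its nullifier is submitted first as
    the canonical field element and then as the alias nullifier + r (still a valid uint256)."""
    nullifier = 0x1F4C9B2E7D8A3F60  # constructed sample value, a canonical field element
    registry = NullifierRegistry(range_check)
    accepted = 0
    for word in (nullifier, nullifier + SNARK_SCALAR_FIELD):
        accepted += registry.submit([nullifier], [word])
    return accepted  # 2 without the check, 1 with it
```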