Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vulnerability allowing double spend #16

Closed
poma opened this issue Jul 26, 2019 · 2 comments

Comments

@poma
Copy link

commented Jul 26, 2019

Looks like in Semaphore.sol#L83 we don't check that nullifier length is less than field modulus. So nullifier_hash + 21888242871839275222246405745257275088548364400416034343698204186575808495617 will also pass snark proof verification if it fits into uint256, allowing double spend.

Example of 2 transactions:

https://kovan.etherscan.io/tx/0x5e8bf35ad76a086b98698f9d20bd7b6397ccc90aa6f85c1c5debc0262be5458a
https://kovan.etherscan.io/tx/0x9a47cc8daec9d0a5e9a860ada77730190124f9864a5917dcb8f41773d94cfc1a

@poma poma changed the title Potential vulterability Vulnerability allowing double spend Jul 26, 2019

@kobigurk

This comment has been minimized.

Copy link
Owner

commented Jul 26, 2019

This is confirmed. Thanks a lot for this report. We'll reply here when it's fixed.

@kobigurk

This comment has been minimized.

Copy link
Owner

commented Jul 27, 2019

Fix merged!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.