Vulnerability allowing double spend #16

poma · 2019-07-26T06:44:22Z

Looks like in Semaphore.sol#L83 we don't check that nullifier length is less than field modulus. So nullifier_hash + 21888242871839275222246405745257275088548364400416034343698204186575808495617 will also pass snark proof verification if it fits into uint256, allowing double spend.

Example of 2 transactions:

https://kovan.etherscan.io/tx/0x5e8bf35ad76a086b98698f9d20bd7b6397ccc90aa6f85c1c5debc0262be5458a
https://kovan.etherscan.io/tx/0x9a47cc8daec9d0a5e9a860ada77730190124f9864a5917dcb8f41773d94cfc1a

The text was updated successfully, but these errors were encountered:

kobigurk · 2019-07-26T11:33:55Z

This is confirmed. Thanks a lot for this report. We'll reply here when it's fixed.

kobigurk · 2019-07-27T02:54:27Z

Fix merged!

HarryR mentioned this issue Jul 26, 2019

Verify that inputs to contract are within the scalar field to avoid aliasing HarryR/ethsnarks-miximus#19

Open

Schaeff mentioned this issue Jul 26, 2019

Constrain public inputs to <p in verifier Zokrates/ZoKrates#439

Closed

HarryR mentioned this issue Jul 26, 2019

Require that inputs to the proof are within the scalar field HarryR/ethsnarks#141

Merged

kendricktan mentioned this issue Jul 26, 2019

Potential double spend vulnerability kendricktan/heiswap-dapp#17

Open

This was referenced Jul 26, 2019

Ensures public inputs are less than the scalar field size iden3/snarkjs#26

Merged

feat: optimizations and bug fixes #19

Merged

kobigurk closed this as completed Jul 27, 2019

BlockHeader mentioned this issue Jul 29, 2019

About Vulnerability allowing double spend in Verifier.sol Zokrates/ZoKrates#441

Closed

AntoineRondelet mentioned this issue Aug 5, 2019

Double spending threat if no range check is done on public inputs in verifier clearmatics/zeth#38

Closed

weijiekoh mentioned this issue Mar 21, 2020

Potential security bug with the zk-SNARK verifier ethereum-oasis-op/baseline#34

Closed

skarred14 mentioned this issue Mar 25, 2020

fix(security): verifier contract range limit checks ethereum-oasis-op/baseline#43

Merged

8 tasks

0xsaya mentioned this issue May 4, 2023

Input Aliasing issue #317

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerability allowing double spend #16

Vulnerability allowing double spend #16

poma commented Jul 26, 2019 •

edited

Loading

kobigurk commented Jul 26, 2019 •

edited

Loading

kobigurk commented Jul 27, 2019

Vulnerability allowing double spend #16

Vulnerability allowing double spend #16

Comments

poma commented Jul 26, 2019 • edited Loading

kobigurk commented Jul 26, 2019 • edited Loading

kobigurk commented Jul 27, 2019

poma commented Jul 26, 2019 •

edited

Loading

kobigurk commented Jul 26, 2019 •

edited

Loading