Vulnerability allowing double spend #16
Comments
This is confirmed. Thanks a lot for this report. We'll reply here when it's fixed.
This was referenced Jul 26, 2019
Fix merged!
Looks like in Semaphore.sol#L83 we don't check that nullifier length is less than field modulus. So
nullifier_hash + 21888242871839275222246405745257275088548364400416034343698204186575808495617
will also pass snark proof verification if it fits into uint256, allowing double spend. Example of 2 transactions:
https://kovan.etherscan.io/tx/0x5e8bf35ad76a086b98698f9d20bd7b6397ccc90aa6f85c1c5debc0262be5458a
https://kovan.etherscan.io/tx/0x9a47cc8daec9d0a5e9a860ada77730190124f9864a5917dcb8f41773d94cfc1a
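Added example, not Semaphore's code or the transactions above: a Python model of the spend path showing why the verifier cannot tell nullifier_hash from nullifier_hash + r (it only sees public inputs reduced mod r), while the uint256 mapping treats them as different keys, and the range check that closes it. It goes beyond the report's single +r case by counting every alias n + k*r that fits in uint256. The contract model, the verifier stand-in and the nullifier value 12345 are constructed assumptions.

```python
"""Model of the unchecked-nullifier bug and its fix (constructed example)."""

# BN254 scalar-field modulus r quoted in the report (Semaphore's SNARK_SCALAR_FIELD).
R = 21888242871839275222246405745257275088548364400416034343698204186575808495617
UINT256_MAX = 2**256 - 1


def verifier_accepts(proof, public_inputs):
    """Stand-in for the pairing-based verifier. Public inputs are field
    elements, so the verifier only ever sees each input reduced mod r.
    `proof` is a constructed dict recording what the prover committed to."""
    return [x % R for x in public_inputs] == proof["public_inputs"]


class Semaphore:
    """Minimal model of the spend path: verify proof, then mark nullifier used."""
    CHECK_FIELD = False  # vulnerable default: no range check on the public input

    def __init__(self):
        self.used = set()  # models mapping(uint256 => bool) of spent nullifiers

    def broadcast(self, proof, nullifier_hash):
        if self.CHECK_FIELD and nullifier_hash >= R:
            raise ValueError("nullifier hash is not a canonical field element")
        if not verifier_accepts(proof, [nullifier_hash]):
            raise ValueError("invalid proof")
        if nullifier_hash in self.used:
            raise ValueError("nullifier already used")
        self.used.add(nullifier_hash)


class FixedSemaphore(Semaphore):
    CHECK_FIELD = True  # the fix: require(nullifierHash < SNARK_SCALAR_FIELD)


def aliases(n):
    """All uint256 values the verifier cannot distinguish from n: n + k*r."""
    return [n + k * R for k in range((UINT256_MAX - n) // R + 1)]


def spends_accepted(contract, nullifier_hash):
    """Replay one valid proof with every alias of its nullifier; count accepted spends.
    A correct contract accepts exactly one."""
    proof = {"public_inputs": [nullifier_hash % R]}  # constructed valid proof
    accepted = 0
    for candidate in aliases(nullifier_hash):
        try:
            contract.broadcast(proof, candidate)
            accepted += 1
        except ValueError:
            pass
    return accepted
```

Because r is just under 2^254, a typical nullifier has six uint256 representatives, so the unchecked contract accepts six spends of one proof where the fixed one accepts a single spend.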