-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Potential Smart Contract Range Check #2
Comments
These values are being inputs to For For |
The values submitted & stored in the In the zkDrops contract, nullifierHash is being range checked even if it is being fed into the verifier contract that is also generated based on the circuits: https://github.com/a16z/zkdrops/blob/a4e58bdad8391ffc133c3643c449be5d18b69832/zkdrops-contracts/contracts/PrivateAirdrop.sol#L38-L46 |
Description
Came across a few bugs while looking at some bugs reported in https://github.com/0xPARC/zk-bug-tracker that are similar:
Essentially the smart contracts used with the projects seem to be missing range checks for public inputs to ensure they're less than the
SNARK_SCALAR_FIELD
, sinceuint256
values in Solidity could overflow the field and cause issuesWondering if similar checks should be present in the Summa contracts where
uint256
public inputs are used like:uint256[] rootBalances
uint256 mstRoot
uint256[] memory publicInputs
and possibly others.
This is just an initial observation and need more work & help to validate/invalidate this. Nevertheless documenting it here
PS: Semaphore has since changed their logic to have no stark restrictions on groupIds. But the other codebases listed above still seem to use such range checks
The text was updated successfully, but these errors were encountered: