2 matches found
CVE-2026-54496 Missing copy constraint in halo2_gadgets variable-base scalar multiplication allows under-constrained base, breaking Orchard Action circuit soundness
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad 5.0.0, halo2gadgets 0.5.0, orchard 0.14.0, zcashprimitives 0.28.0, and zcashd 6.20.0, the variable-base scalar multiplication gadget in halo2gadgets/src/ecc/chip/mul/incomplete.rs used assignadvice for the base point without a copy...
CVE-2026-54496
CVE-2026-54496 affects Zebrad and related crates (halo2_gadgets, orchard, zcash_primitives, zcashd) prior to fixed versions. Root cause: the variable-base scalar multiplication gadget uses assign_advice() to feed the base point in halo2_gadgets—without a copy constraint tying it to the real base—...