124 matches found
GHSA-F77Q-R5QM-W4M8 sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic
The Gnark recursion circuit constrains arithmetic over BabyBear when the native field of the ZKP circuit is the BN254 scalar field. Proper implementation of this logic requires range checking Bn254 values to be less than the BabyBear modulus. In versions 1.2.0, functions like InvF and InvE used...
PT-2024-40264 · Gnark · Gnark
Name of the Vulnerable Software and Affected Versions: Gnark versions prior to 1.2.0 Description: The issue concerns the Gnark recursion circuit, which has constraints on arithmetic over BabyBear when the native field of the ZKP circuit is the BN254 scalar field. The problem arises from improper...
Sensitive Information Exposure
github.com/consensys/gnark is vulnerable to Sensitive Information Exposure. The vulnerability is caused by the same σ being used for all proofs of knowledge for commitments, allowing mixing between them. This makes it possible to fix the value of all but one commitment before selecting the circui...
CVE-2024-45040
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...
CVE-2024-45039
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...
CVE-2024-45039 gnark's Groth16 commitment extension unsound for more than one commitment
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...
CVE-2024-45039 gnark's Groth16 commitment extension unsound for more than one commitment
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...
CVE-2024-45039
CVE-2024-45039 (gnark) affects gnark up to version 0.10.x; reported soundness issue arises when multiple commitments are used inside a circuit, allowing the prover to select all but the last commitment. gnark relies on commitments for optimized non-native multiplication and other checks, which co...
CVE-2024-45039 gnark's Groth16 commitment extension unsound for more than one commitment
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...
CVE-2024-45040 gnark's commitments to private witnesses in Groth16 as implemented break zero-knowledge property
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not...
CVE-2024-45040
CVE-2024-45040 affects gnark’s Groth16 proofs that use commitments to private witnesses. The issue breaks zero-knowledge properties when commitments are used with Groth16 (PLONK is not affected). Attacks could enumerate possible witness values if small, compromising privacy; completeness and soun...
gnark 安全漏洞
gnark is a fast zk-SNARK library open-sourced by Consensys. for advanced APIs to design circuits. A security vulnerability exists in versions of gnark prior to 0.11.0 that stems from the ability of a prover to select all but the last commitment when multiple commitments are used in a circuit, whi...
PT-2024-31389 · Gnark · Gnark
Name of the Vulnerable Software and Affected Versions: gnark versions prior to 0.11.0 Description: The issue is a soundness problem in the gnark zk-SNARK library. When multiple commitments are used inside a circuit, the prover can choose all but the last commitment. This could impact the soundnes...
gnark 安全漏洞
gnark is a fast zk-SNARK library open-sourced by Consensys. for advanced APIs to design circuits. A security vulnerability exists in versions prior to gnark 0.11.0, which stems from the fact that the implementation of the commitment to a private witness in a Groth16 proof breaks the zero-knowledg...
Improper Input Validation
github.com/consensys/gnark is vulnerable to Improper Input Validation. The vulnerability is due to a lack of width validation in the range checker gadget. The Range checker allows inputs to be up to 16 bits wider than checked...
Signature Malleability
github.com/consensys/gnark-crypto is vulnerable to Signature Malleability. The vulnerability is due to the deserialization process of EdDSA and ECDSA signatures which does not ensure that the data is in a certain interval. This can be exploited to mount a Signature Malleability attack...
GO-2023-2333 Range checker gadget allows wider inputs than allowed in github.com/consensys/gnark
Range checker gadget allows wider inputs than allowed in github.com/consensys/gnark...
GHSA-RJJM-X32P-M3F7 gnark's range checker gadget allows wider inputs up to word alignment
Impact gnark provides a gadget in the standard library to allow optimized checking of the bitwidth of the inputs. The gadget works by constructing a fixed lookup table containing all valid entries, partitioning the input and checking that all parts are inside the lookup table. The range checker...
GO-2023-2119 Proof forgery due to insufficient randomness in github.com/consensys/gnark
A a third party may derive a valid proof from a valid initial tuple proof, publicinputs, corresponding to the same public inputs as the initial proof. This vulnerability is due to randomness being generated using a small part of the scratch memory describing the state, allowing for degrees of...
GO-2023-2101 Incorrect exponentiation results in github.com/consensys/gnark-crypto
Incorrect exponentiation results in github.com/consensys/gnark-crypto...