4 matches found
Insufficient Entropy
github.com/consensys/gnark is vulnerable to Insufficient Entropy. The vulnerability is due to a flaw in the randomness generation process, which allows an attacker to generate a valid proof. The vulnerability allows a third party to derive a valid proof from a valid initial tuple. Note that the impact...
GO-2023-2119 Proof forgery due to insufficient randomness in github.com/consensys/gnark
A third party may derive a valid proof from a valid initial tuple (proof, public inputs), corresponding to the same public inputs as the initial proof. This vulnerability is due to randomness being generated using a small part of the scratch memory describing the state, allowing for degrees of...
GHSA-7P92-X423-VWJ6 Plonk verifier KZG multi point verification
Impact: The vulnerability allows a third party to derive a valid proof from a valid initial tuple (proof, public inputs), corresponding to the same public inputs as the initial proof. It is due to randomness being generated using a small part of the scratch memory describing the state, allowing for...
Plonk verifier KZG multi point verification
Impact: The vulnerability allows a third party to derive a valid proof from a valid initial tuple (proof, public inputs), corresponding to the same public inputs as the initial proof. It is due to randomness being generated using a small part of the scratch memory describing the state, allowing for...