4 matches found
EUVD-2025-19064
Malicious code in bioql PyPI...
RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment
Impact Prior to 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library function will return true for a crafted commitment with a digest value of zero. This violates the semantics of validateCommitment, as this does not commitment to a block that is in the current chain. Because the digest...
CVE-2025-52884
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library...
CVE-2025-52884 risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library...