CVE-2023-33252: History for src/groth16_verify.js - iden3/snarkjs
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that each value in publicSignals is less than the field modulus: a public signal s and s + r (with r the scalar field order) reduce to the same field element inside the verifier, so a proof made for one is accepted for the other, while an application that keys its spent set on the raw signal value sees two distinct nullifiers.
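The following is an added example, not code from snarkjs or from the advisory, showing the failure mode in miniature and the range check that closes it. It assumes the BN254 scalar field order r used by snarkjs's bn128 circuits, replaces the pairing check with a stand-in that only records the field element the verifier would bind to (which is exactly what an unreduced signal looks like to a real verifier), and uses a hypothetical mixer-style spend tracker that keys its nullifier set on the raw public signal.

```javascript
// Added example (not snarkjs code): why an unchecked public signal lets a
// proof be replayed, and the canonical-range check that stops it.
// Assumptions: BN254 scalar field order r below; a hypothetical verifier that
// reduces every public signal mod r before use (as a pairing check does);
// a hypothetical application that deduplicates on the raw signal value.

// Order of the BN254 scalar field (the field public signals live in for
// snarkjs Groth16 circuits over bn128).
const BN254_R = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;

// Range check of the kind the fix introduced: every public signal must be a
// canonical field element, 0 <= s < r. Returns the index of the first
// offending signal, or -1 when all are in range.
function findOutOfRangeSignal(publicSignals, r = BN254_R) {
  for (let i = 0; i < publicSignals.length; i++) {
    const s = BigInt(publicSignals[i]);
    if (s < 0n || s >= r) return i;
  }
  return -1;
}

// Stand-in for the pairing-based check: the verifier only ever sees the
// signal reduced into the field, so s and s + k*r are indistinguishable.
function fieldElementSeenByVerifier(signal, r = BN254_R) {
  return ((BigInt(signal) % r) + r) % r;
}

// Hypothetical spend tracker. provenNullifier is the field element a valid
// proof was generated for; checkRange toggles the fix. The spent set is keyed
// on the raw signal string, which is what makes the missing check exploitable.
function makeSpendTracker({ provenNullifier, checkRange, r = BN254_R }) {
  const spent = new Set();
  return function withdraw(publicSignals) {
    if (checkRange && findOutOfRangeSignal(publicSignals, r) !== -1) {
      return "rejected: public signal out of range";
    }
    const bound = fieldElementSeenByVerifier(publicSignals[0], r);
    if (bound !== provenNullifier) return "rejected: invalid proof";
    const key = String(publicSignals[0]); // raw value, not the reduced one
    if (spent.has(key)) return "rejected: already spent";
    spent.add(key);
    return "withdrawn";
  };
}

// Constructed scenario: one proof for nullifier n, replayed with n + r.
function demo() {
  const n = 123456789n;
  const nPlusR = n + BN254_R; // same field element, different integer
  const unpatched = makeSpendTracker({ provenNullifier: n, checkRange: false });
  const patched = makeSpendTracker({ provenNullifier: n, checkRange: true });
  return {
    unpatched: [unpatched([n]), unpatched([nPlusR])], // both succeed
    patched: [patched([n]), patched([nPlusR])],       // second is rejected
  };
}
```

Note that the check has to run on the integer as submitted, before any conversion into the field: once a value has been reduced mod r the information that it was non-canonical is gone, which is why the fix lands at the verifier's input boundary rather than inside the pairing arithmetic.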
Commits on May 18, 2023
Refactor groth16 smart contract (#372)
* Plonk refactored with new classes and working
* change logger.in -> logger.debug
* update protocol to last version
* Refactor Fiat-Shamir adding preprocessed circuit dependent values
* Add check functions in js and sc
* refactor groth16 smart contract to assembly code
* fix calldata types and test passing
* fix errors. working
* wip
* add debug function
* remove console.log import
* Plonk smart contract refactored.
* Added test with circuits using +1 inputs
* Added circuits tests with +1 inputs
* mod package.json
* update ffjavascript to 0.2.59
* add scalar import
* remove hardhat import
Co-authored-by: Jordi Baylina [email protected]
Commits on May 16, 2022
refactor(scope): move unstringification of BigInts to Library from client
The CLI uses the `unstringifyBigInts` utility on Objects and then passes it to the library functions. When working on a webclient or using the library without the CLI this leads to production of errors; one example is generating callData for the Solidity Verifier: since unstringification of BigInts hasn't happened, the callData generated is corrupt, and anyone who wants to fix this would have to read the CLI to figure out what is going wrong.
Two files, `plonk_verify.js` and `groth16_verify.js`, are doing this unstringification themselves already, and the CLI is doing it again, making the unstringification redundant.
This PR moves the unstringification of BigInts to the library files, which saves anyone consuming the library the effort of digging deep into the CLI to figure out what is going wrong; it also solves the redundancy mentioned above.
The PR also includes the updated builds and has also passed all described library tests.
Commits on May 18, 2021
Commits on Jul 13, 2020
Commits on Jul 11, 2020