GHSA-f77q-r5qm-w4m8

Suggest an improvement
Source
https://github.com/advisories/GHSA-f77q-r5qm-w4m8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-f77q-r5qm-w4m8/GHSA-f77q-r5qm-w4m8.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-f77q-r5qm-w4m8
Published
2024-10-29T15:37:50Z
Modified
2024-10-29T15:37:50Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic
Details

The Gnark recursion circuit constrains arithmetic over BabyBear when the native field of the ZKP circuit is the BN254 scalar field. Proper implementation of this logic requires range checking Bn254 values to be less than the BabyBear modulus.

In versions < 1.2.0, functions like InvF and InvE used values generated by hints that were not appropriately range checked. These issues are resolved in versions 1.2.0 and higher, by adding range checks in the appropriate places. This code was covered under the original audit scope of the recursion circuit audit by Veridise, and both Veridise and Kalos revisited the code for similar issues and found no additional vulnerabilities.

This issue was discovered by the Succinct team on September 3rd. The issue was fixed and resolved within 48 hours, and released with V1.2.0 (note that a later V2.0.0 release has the same contents as V1.2.0 to respect semver), with production SP1 users being notified and upgraded immediately. The V1.1.0 verifier was frozen on September 4th to ensure that no one uses versions of SP1 with this bug.

References

Affected packages

crates.io / sp1-recursion-gnark-ffi

Package

Name
sp1-recursion-gnark-ffi
View open source insights on deps.dev
Purl
pkg:cargo/sp1-recursion-gnark-ffi

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.2.0