Trail of Bits
Audit Open Original ↗

Aleo snarkVM

Type

Security review

Client

Aleo Systems

Date

2022-09

Domain

Crypto

Effort

12 wks

Section

Technology Product Reviews

Trail of Bits's security review of Aleo Systems (Sep 2022) identified 29 issues: 2 medium, 6 low, and 21 informational.

Findings · 29

  1. 1 Console’s Field and Scalar divisions panic Low
  2. 2 from_xy_coordinates function lacks checks and can panic Medium
  3. 3 Blake2Xs implementation fails to provide the requested number of bytes Informational
  4. 4 Blake2Xs implementation’s node oset definition diers from specification Informational
  5. 5 Compiling cast instructions can lead to panic Low
  6. 6 Displaying an Identifier can cause a panic Informational
  7. 7 Build script causes compilation to rerun Informational
  8. 8 Invisible codepoints are supported Informational
  9. 9 Merkle tree constructor panics with large leaf array Low
  10. 10 Downcast possibly truncates value Informational
  11. 11 Plaintext::from_bits_* functions assume array has elements Informational
  12. 12 Arbitrarily deep recursion causes stack exhaustion Low
  13. 13 Inconsistent pair parsing Informational
  14. 14 Signature verifies with dierent messages Informational
  15. 15 Unchecked output length during ToFields conversion Informational
  16. 16 Potential panic on ensure_console_and_circuit_registers_match Informational
  17. 17 Reserved keyword list is missing owner Informational
  18. 18 Commit and hash instructions not matched against the opcode in check_instruction_opcode Informational
  19. 19 Incorrect validation of the number of operands Informational
  20. 20 Inconsistent and random compiler error message Informational
  21. 21 Instruction add_* methods incorrectly compare maximum number of allowed instructions Low
  22. 22 Instances of unchecked zip_eq can cause runtime errors Informational
  23. 23 Hash functions lack domain separation Medium
  24. 24 Deployment constructor does not enforce the network edition value Informational
  25. 25 Map insertion return value is ignored Informational
  26. 26 Potential truncation on reading and writing Programs, Deployments, and Executions Low
  27. 27 StatePath::verify accepts invalid states Informational
  28. 28 Potential panic in encryption/decryption circuit generation Informational
  29. 29 Variable timing of certain cryptographic functions Informational

Findings extracted from the published report PDF. See the full report below for details and remediation.

Related