Trail of Bits

Scroll Euclid Phase 1

Type: Security review
Client: Scroll
Date: 2025-04
Domain: Blockchain
Effort: 3 wks
Section: Scroll

Trail of Bits's security review of Scroll (Apr 2025) identified 8 issues: 2 high, 2 low, and 4 informational.

Findings · 8

  1. The aggregation circuit does not validate the size of inner proofs (High)
  2. Insufficient validation of chunk information and blob bytes in the batch circuit (High)
  3. MPT migration code lacks unit tests (Informational)
  4. Incorrect data present on BundleInfo (Informational)
  5. Lax parsing of chunk data payload (Informational)
  6. Docker release action is vulnerable to cache poisoning (Low)
  7. Unpinned external GitHub CI/CD action versions (Low)
  8. Potential credential persistence in artifacts and stale GitHub action (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
