Trail of Bits

Scroll ZkEVM Wave 3

Type: Security review

Client: Scroll

Date: 2023-09

Domain: Blockchain

Effort: 9 wks

Section: Scroll

Trail of Bits's security review of Scroll (Sep 2023) identified 14 issues: 1 high, 2 low, and 11 informational.

Findings · 14

  1. Aggregated public input hash does not include coinbase or difficulty (Informational)
  2. Use of account_hash_traces cells does not match specification (Informational)
  3. hash_traces skips invalid leaf hashes (Informational)
  4. Values in chunk_is_valid_cells are not constrained to be Boolean (Informational)
  5. The Sig circuit may reject valid signatures (Low)
  6. assigned_y_tmp is not constrained to be 87 bits (Informational)
  7. Aggregated proof verification algorithm is unspecified (Informational)
  8. Aggregation prover verifies each aggregated proof (Informational)
  9. KECCAK_ROWS environment variable may disagree with DEFAULT_KECCAK_ROWS constant (Low)
  10. Incorrect state transitions can be proven for any chunk by manipulating padding flags (High)
  11. RlcConfig::rlc_with_flag is incorrect (Informational)
  12. Accumulator representation assumes fixed-length field limbs (Informational)
  13. PlonkProof::read ignores extra entries in num_challenge (Informational)
  14. MAX_AGG_SNARKS values other than 10 may misbehave (Informational)

Findings extracted from the published report PDF. See the full report below for details and remediation.
