Trail of Bits

Scroll zkTrie

Type: Security review

Client: Scroll

Date: 2023-07

Domain: Blockchain

Effort: 4 wks

Section: Scroll

Trail of Bits's security review of Scroll (Jul 2023) identified 19 issues: 5 high, 3 medium, 2 low, and 9 informational.

Findings · 19

  1. Lack of domain separation allows proof forgery (High)
  2. Lack of proof validation causes denial of service on the verifier (Medium)
  3. Two incompatible ways to generate proofs (Informational)
  4. BuildZkTrieProof does not populate NodeAux.Value (Low)
  5. Leaf nodes with different values may have the same hash (High)
  6. Empty UpdatePreimage function body (Informational)
  7. CanonicalValue is not canonical (Informational)
  8. ToSecureKey and ToSecureKeyBytes implicitly truncate the key (Informational)
  9. Unused key argument on the bridge_prove_write function (Informational)
  10. The PreHandlingElems function panics with an empty elems array (Medium)
  11. The hash_external function panics with integers larger than 32 bytes (Low)
  12. Mishandling of cgo.Handles causes runtime errors (Medium)
  13. Unnecessary unsafe pointer manipulation in Node.Data() (Informational)
  14. NewNodeFromBytes does not fully validate its input (Informational)
  15. init_hash_scheme is not thread-safe (Informational)
  16. Safe-Rust ZkMemoryDb interface is not thread-safe (High)
  17. Some Node functions return the zero hash instead of errors (Informational)
  18. get_account can read past the buffer (High)
  19. Unchecked usize to c_int casts allow hash collisions by length misinterpretation (High)

Findings extracted from the published report PDF. See the full report below for details and remediation.
