Trail of Bits

Succinct ZK Light Client

Type: Security review

Client: Succinct Labs

Date: 2023-02

Domain: Crypto

Effort: 8 wks

Section: Ethereum/EVM

Trail of Bits's security review of Succinct Labs (Feb 2023) identified 14 issues: 5 high, 1 medium, 3 low, and 5 informational.

Findings · 14

  1. Prover can lock user funds by including ill-formed BigInts in public key commitment (High)
  2. Prover can lock user funds by supplying non-reduced Y values to G1BigIntToSignFlag (High)
  3. Incorrect handling of point doubling can allow signature forgery (High)
  4. EllipticCurveAdd mishandles points at infinity (Informational)
  5. Circom circuits lack adequate testing framework (Informational)
  6. Poseidon commitment uses a non-standard hash construction (Informational)
  7. Merkle root reconstruction is vulnerable to forgery via proofs of incorrect length (High)
  8. LightClient forced finalization could allow bad updates in case of a DoS (High)
  9. G1AddMany does not check for the point at infinity (Informational)
  10. TargetAMB receipt proof may behave unexpectedly on future transaction types (Informational)
  11. RLPReader library does not validate proper RLP encoding (Low)
  12. TargetAMB _executeMessage lacks contract existence checks (Low)
  13. LightClient is unable to verify some block headers (Medium)
  14. OptSimpleSWU2 Y-coordinate output is underconstrained (Low)

Findings extracted from the published report PDF. See the full report below for details and remediation.
