Comments (5)
This is great, thank you!! Will go through and add them once I get a chance.
from zk-bug-tracker.
Took a dive into the Timing attacks paper, but after some research it looks like they may not be that serious?
https://forum.zcashcommunity.com/t/churning-zcash-for-maximum-anonymity-and-privacy/40705/2
Likely going to add the EEA-OASIS and Arkworks bugs. Still need to take a look into the remaining 3.
from zk-bug-tracker.
Please also add Tornado Cash, which was a classical missing constraint, but the problem is https://crypto.stackexchange.com/q/103262
from zk-bug-tracker.
Below are a few that I found. Don't know if they qualify for this project because they are bugs in the EC libraries rather than in circuits.
- blst: Modular inverse incorrect result
- blst: Inverse modulo hangs on i386 if input is 0 or multiple of modulo
- blst: Using non-standard 'dst' parameter branches on uninitialized memory
- blst: NULL pointer dereference if msg is empty and aug is non-empty
- blst: NULL pointer dereference if point multiplier is zero-stripped
- blst: Branching on uninitialized memory
- blst: blst_fr_eucl_inverse incorrect result
- blst: blst_fp_is_square incorrect result on ARM
- Herumi mcl: Incorrect results with dst larger than 255 bytes
- Herumi mcl: map-to-curve incorrect result if both inputs are equivalent
- Herumi mcl: Incorrect result for G1 multiplication by Fp
- kilic-bls12-381: Fr FromBytes does not reduce value if value is modulus
- arkworks-algebra: multi_scalar_mul incorrect result if scalar exceeds curve order
- Constantine: Incorrect reduction of BigInt
- Constantine: BLS12-381 HashToCurve G1 incorrect result
from zk-bug-tracker.
Here are other zk bugs that other security researchers found and that I want to list here; please merge them if you think they are awesome:
- zksync zkevm: https://medium.com/chainlight/uncovering-a-zk-evm-soundness-bug-in-zksync-era-f3bc1b2a66d8 (Underconstrained)
- aztec connector: https://hackmd.io/@aztec-network/claim-proof-bug & https://medium.com/immunefi/aztec-multiple-spend-error-bugfix-review-20074581d224 (underconstrained)
from zk-bug-tracker.