Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SafeLessThan is unsafe #15

Open
0xDatapunk opened this issue Oct 7, 2024 · 2 comments
Open

SafeLessThan is unsafe #15

0xDatapunk opened this issue Oct 7, 2024 · 2 comments
Assignees
@0x471
Labels
audit 🔍 This issue is related to an audit. bug 🐛 Something isn't working good first issue Good for newcomers

Comments

@0xDatapunk
Copy link

0xDatapunk commented Oct 7, 2024
edited
Loading

zk-kit.circom/packages/utils/src/safe-comparators.circom

Line 16 in 326cef9

n2b = Num2Bits_strict()(in[0] + (1<<n) - in[1]);

the inputs are not constrained to be in the range of n. A counter example is

Found SafeLessThan counter example:
n: 8
in: [1000, 512]
Expected: 0 Got: 1

A suggested change:

template SafeLessThan(n) {
    assert(n <= 252);
    signal input in[2];
    signal output out;

    // Constrain inputs to n bits
    component range_check[2];
    for (var i = 0; i < 2; i++) {
        range_check[i] = Num2Bits(n);
        range_check[i].in <== in[i];
    }

    component n2b = Num2Bits();
    n2b.in <== in[0] + (1<<n) - in[1];

    out <== 1 - n2b.out[n];
}
@cedoor cedoor added the audit 🔍 This issue is related to an audit. label Oct 14, 2024
@cedoor cedoor added this to ZK-Kit Oct 14, 2024
@github-project-automation github-project-automation bot moved this to 📋 Backlog in ZK-Kit Oct 14, 2024
@cedoor cedoor added the bug 🐛 Something isn't working label Oct 14, 2024
@cedoor cedoor added the good first issue Good for newcomers label Oct 24, 2024
@cedoor cedoor moved this from 📋 Backlog to ♻️ Grooming in ZK-Kit Oct 24, 2024
@0x471
Copy link
Contributor

0x471 commented Dec 27, 2024

Hi, can I work on this issue? @0xDatapunk @cedoor

@cedoor
Copy link
Member

cedoor commented Jan 3, 2025

Hi @0x471, we only assign one task at a time to contributors, you can work on other tasks as soon as #14 is closed.

@cedoor cedoor moved this from ♻️ Grooming to 🏗 In Progress in ZK-Kit Jan 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@0x471 0x471

Labels
audit 🔍 This issue is related to an audit. bug 🐛 Something isn't working good first issue Good for newcomers
Projects
ZK-Kit
Status: 🏗 In Progress
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cedoor @0x471 @0xDatapunk