Skip to content

fix: added missing range checks in ShaBytesDynamic #579

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Jun 3, 2025
Merged

fix: added missing range checks in ShaBytesDynamic #579

merged 8 commits into from
Jun 3, 2025

Conversation

@ArmanKolozyan
Copy link
Contributor

@ArmanKolozyan ArmanKolozyan commented May 28, 2025

This pull request adds a missing range check in the ShaBytesDynamic template to address the vulnerability described in the following issue:

  • Missing Range Constraints for Sha256Bytes Allow Forged Inputs to Pass Verification #578
    The Sha256Bytes template assumes that the input length (in_len_padded_bytes * 8) is constrained to fit within ceil(log2(8 * max_num_bytes)) bits. However, this assumption is not enforced at the call sites in this project. In particular, in_len_padded_bytes * 8 is passed to subtemplates like Sha256General, where it is used in comparison and selector logic without first constraining it to the required bitwidth.

To fix this, we add an explicit Num2Bits constraint on in_len_padded_bytes * 8 inside ShaBytesDynamic.

This prevents potential overflow-based exploits that could bypass internal constraints and produce incorrect outputs while still satisfying the circuit.

Closes #578.

motemotech and others added 4 commits April 17, 2025 15:57
@motemotech
make contract sdk simpler (selfxyz#514)
847b88d 
* make contract sdk simpler

* reduce root inputs

* delete convert function

* summarize our library

* update npm package

* update package version

* update attestation id

* add util function to get revealed data
@remicolin
Revert "make contract sdk simpler (selfxyz#514)" (selfxyz#518)
b841f28 
This reverts commit 847b88d.
@ArmanKolozyan
fix: added missing range checks in ShaBytesDynamic
f29aa5e
@ArmanKolozyan
fix import
6b5c32c
@remicolin
Copy link
Collaborator

remicolin commented May 30, 2025
edited
Loading

hey @ArmanKolozyan, nice catch!
thanks for raising this PR, we'll have to add the same range check to Sha1Bytes
could you dm me on telegram so we can keep chatting about the issue?

@remicolin remicolin changed the base branch from main to dev May 30, 2025 16:30
@ArmanKolozyan
Copy link
Contributor Author

ArmanKolozyan commented May 30, 2025

Thanks a lot for the quick response, and I just DMed you on Telegram!

@ArmanKolozyan
Copy link
Contributor Author

ArmanKolozyan commented May 30, 2025
edited
Loading

@remicolin Just wanted to let you know that I added the range check for Sha1Bytes and also documented the assumptions in both Sha1Bytes and Sha1General. Please let me know if there is anything else I can do to help get these changes ready for merging!

@remicolin remicolin self-requested a review June 3, 2025 11:18
@remicolin remicolin merged commit 0c8c873 into selfxyz:dev Jun 3, 2025
1 check passed
remicolin added a commit that referenced this pull request Jun 12, 2025
@remicolin
Revert "fix: added missing range checks in ShaBytesDynamic (#579)"
17beff9 
This reverts commit 0c8c873.
@remicolin remicolin mentioned this pull request Jun 12, 2025
Merged
remicolin added a commit that referenced this pull request Jun 12, 2025
@remicolin
Revert "fix: added missing range checks in ShaBytesDynamic (#579)" (#617
81afb0b 
)

This reverts commit 0c8c873.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@remicolin remicolin remicolin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Missing Range Constraints for Sha256Bytes Allow Forged Inputs to Pass Verification

3 participants

@ArmanKolozyan @remicolin @motemotech