Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1mNzdxLXI1cW0tdzRtOM4ABAyf

sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic

The Gnark recursion circuit constrains arithmetic over BabyBear when the native field of the ZKP circuit is the BN254 scalar field. Proper implementation of this logic requires range checking Bn254 values to be less than the BabyBear modulus.

In versions < 1.2.0, functions like InvF and InvE used values generated by hints that were not appropriately range checked. These issues are resolved in versions 1.2.0 and higher, by adding range checks in the appropriate places. This code was covered under the original audit scope of the recursion circuit audit by Veridise, and both Veridise and Kalos revisited the code for similar issues and found no additional vulnerabilities.

This issue was discovered by the Succinct team on September 3rd. The issue was fixed and resolved within 48 hours, and released with V1.2.0 (note that a later V2.0.0 release has the same contents as V1.2.0 to respect semver), with production SP1 users being notified and upgraded immediately. The V1.1.0 verifier was frozen on September 4th to ensure that no one uses versions of SP1 with this bug.

Permalink: https://github.com/advisories/GHSA-f77q-r5qm-w4m8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNzdxLXI1cW0tdzRtOM4ABAyf
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 23 days ago
Updated: 23 days ago

CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Identifiers: GHSA-f77q-r5qm-w4m8
References:

• https://github.com/succinctlabs/sp1/security/advisories/GHSA-f77q-r5qm-w4m8
• https://github.com/succinctlabs/sp1/commit/8600d4aa63184ce3df7ccd30c79ac0388eacca52
• https://github.com/advisories/GHSA-f77q-r5qm-w4m8

Repository: https://github.com/succinctlabs/sp1
Blast Radius: 1.0

Affected Packages