Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unchecked output of LessEqThan Circuit #1235

Closed
ctrlc03 opened this issue Feb 23, 2024 · 0 comments
Closed

Unchecked output of LessEqThan Circuit #1235

ctrlc03 opened this issue Feb 23, 2024 · 0 comments
Assignees
Labels
bug Something isn't working documentation Improvements or additions to documentation Security

Comments

@ctrlc03
Copy link
Collaborator

ctrlc03 commented Feb 23, 2024

The validCreditBalance circuit is meant to ensure that the user’s previous balance is less than or equal to the new credit balance after a topup. If the topup amount is too large, it can cause an overflow, so this circuit would then output 0. However, the output of this circuit is never checked.

Since the topup amount has to be larger than 252 bits, this event is extremely unlikely, and thus this issue is minor.

Location.

component validCreditBalance = LessEqThan(252);

Fixed by #1225 with docs update too

@ctrlc03 ctrlc03 added this to MACI Feb 23, 2024
@ctrlc03 ctrlc03 converted this from a draft issue Feb 23, 2024
@ctrlc03 ctrlc03 self-assigned this Feb 23, 2024
@ctrlc03 ctrlc03 added bug Something isn't working documentation Improvements or additions to documentation Security labels Feb 23, 2024
@ctrlc03 ctrlc03 closed this as completed Feb 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working documentation Improvements or additions to documentation Security
Projects
Status: Done
Development

No branches or pull requests

1 participant