
Sprint-1 Audit Report by gafram #5

Open
gafram opened this issue Jun 14, 2023 · 1 comment


gafram commented Jun 14, 2023

yAcademy RLN - Rate Limiting Nullifier Review

Review Resources:

Auditors:

Table of Contents

Review Summary

RLN - Rate Limiting nullifier

RLN (Rate-Limiting Nullifier) is a zk-gadget/protocol that enables a spam prevention mechanism for anonymous environments.

The contracts of the RLN Repo were reviewed over 12 days. The code review was performed between 31st May and 12th June, 2023. The repository was under active development during the review, but the review was limited to the latest commit at the start of the review. This was commit 3707313 for the circom-rln repo.

Scope

The scope of the review consisted of the following contracts at the specific commit:

Findings Explanation

Findings are broken down into sections by their respective impact:

  • Critical, High, Medium, Low impact
    • These are findings that range from attacks that may cause loss of funds, impact control/ownership of the contracts, or cause any unintended consequences/actions that are outside the scope of the requirements
  • Gas savings
    • Findings that can improve the gas efficiency of the contracts

Critical Findings

None.

High Findings

None.

Medium Findings

None.

Low Findings

1. Low - Unused address input signal to be optimized by Circom

In the Withdraw circuit, the input signal address is declared but never used in a constraint. By default, the Circom compiler optimizes that kind of signal away.

    pragma circom 2.1.0;

    // include path assumed; the original snippet omits it
    include "circomlib/circuits/poseidon.circom";

    template Withdraw() {
        signal input identitySecret;
        signal input address;  // declared but never referenced by any constraint

        signal output identityCommitment <== Poseidon(1)([identitySecret]);
    }

Recommendation

Explicitly add an additional constraint on the input signal address.
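The following is an added illustration of the recommendation; it is not the RLN project's own code. The Withdraw template is repeated with one extra quadratic constraint that references address, so the compiler can no longer drop the signal from the R1CS and the resulting proof depends on the address value supplied. The constraint addressSquared <== address * address, the template name WithdrawBound, the include path, and the main component declaration are all assumptions made for this example.

```circom
pragma circom 2.1.0;

// Include path assumed for this example.
include "circomlib/circuits/poseidon.circom";

// Hardened form of the Withdraw template from the finding (example code, not the
// project's fix). The only change is the dummy constraint on `address`.
template WithdrawBound() {
    signal input identitySecret;
    signal input address;

    // Quadratic constraint that mentions `address`. Because a constraint now
    // references the signal, the compiler keeps it in the constraint system and
    // a proof is valid only for the exact `address` it was generated with.
    signal addressSquared <== address * address;

    signal output identityCommitment <== Poseidon(1)([identitySecret]);
}

// `address` is exposed as a public input so the verifier sees which value the
// proof is bound to (assumed usage; the page does not show the main component).
component main {public [address]} = WithdrawBound();
```

To confirm the change took effect, compile both versions with `circom --r1cs` and compare the constraint counts: the bound template has one more constraint than the original, and the printed list of public inputs now includes address.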

Final remarks

There are no critical, high, or medium vulnerabilities in the code. The findings related to the smart contract were not taken into consideration. An interesting technique is used to preserve the first degree of the polynomial in the Shamir's Secret Sharing. We should also note the need to update the documentation, as there are some inconsistencies.

@gafram gafram changed the title Sprint1-Audit-Report by gafram Sprint1-Audit Report by gafram Jun 14, 2023
@gafram gafram changed the title Sprint1-Audit Report by gafram Sprint1 Audit Report by gafram Jun 14, 2023
@gafram gafram changed the title Sprint1 Audit Report by gafram Sprint-1 Audit Report by gafram Jun 14, 2023
@curryrasul

Hi, thanks for your report!

Unused address input signal to be optimized by Circom

Good find! We'll add an additional constraint.
