Commit c6d4fb8

chore: bug list (#13773)
Add a bug list for auditors
1 parent 65a9f33 commit c6d4fb8

1 file changed

+22
-0
lines changed

@@ -0,0 +1,22 @@
1+
# Collection of bugs found in barretenberg
2+
3+
This list is a collection of bugs. Its goal is to help developers, auditors and security researchers to find and fix bugs in the barretenberg library.
4+
5+
## List of bugs
6+
7+
| BarVD-ID | Component | Short description | Type | Potential Impact | Mechanism of finding | Found with a tool? | Found internally (yes or no) | Found by | Link to issue | Link to fix | Link to description |
8+
|-----------|-----------|-------------------|------|------------------|----------------------|-------------------|------------------------------|-----------|--------------|------------|---------------------|
9+
| BarVD-001 | Bigfield stdlib primitive| insufficient constraint for non-native field arithmetic | Soundness | fraudulent recursive proofs | Manual code review | No | Yes | | | | [Description](https://medium.com/@jaosef/54dff729a24f) |
10+
| BarVD-002 | Account circuit | nullifier mechanism broke privacy | Information leak | - | Manual code review | No | Yes | | | | [Description](https://medium.com/@jaosef/54dff729a24f) |
11+
| BarVD-003 | Join-split circuit | account nonce not included in encrypted note | Soundness | Deprecated account could spend notes | Manual code review | No | Yes | | | | [Description](https://medium.com/@jaosef/54dff729a24f) |
12+
| BarVD-004 | Join-split circuit | lack of range constraints for the `tree_index` variable | Soundness | Double spending | Manual code review | No | Yes | Wedderburn | | | [Description](https://hackmd.io/@aztec-network/disclosure-of-recent-vulnerabilities) |
13+
| BarVD-005 | Bigfield stdlib primitive | insufficient range checks while emulating non-native field operations | Soundness | Fraudulent recursive proofs | Manual code review | No | No | Xin Gao and Onur Kilic | | | [Description](https://hackmd.io/@aztec-network/disclosure-of-recent-vulnerabilities) |
14+
| BarVD-006 | In-circuit pedersen hash | underconstrained 2-bit window representation of field elements | Soundness | Double spending | Manual code review | No | Yes | @arielgabizon | | | [Description](https://medium.com/aztec-protocol/vulnerabilities-found-in-aztec-2-0-9b80c8bf416c) |
15+
| BarVD-007 | Join-split circuit | incorrect note position check | Completeness | Denial of service | Manual code review | No | Yes | @arielgabizon | | | [Description](https://medium.com/aztec-protocol/vulnerabilities-found-in-aztec-2-0-9b80c8bf416c) |
16+
| BarVD-008 | Rollup circuit | point aggregation in the rollup circuit doesnn't incldue join-split proof points | Soundness | Recursively proving fraudulent proofs | Manual code review | No | Yes | @arielgabizon | | | [Description](https://medium.com/aztec-protocol/vulnerabilities-found-in-aztec-2-0-9b80c8bf416c) |
17+
| BarVD-009 | PRNG | Mersenne Twister in production | Use of insecure PRNG| Leak of entropy | Manual code review | No | No | Daira Hopwood and Sean Bowe | | | [Description](https://medium.com/aztec-protocol/vulnerabilities-found-in-aztec-2-0-9b80c8bf416c) |
18+
| BarVD-010 | PRNG | 256-bit random number used for generating a random field element in a 254-bit field | Use of insecure cryptographic primitive | Biased random number | Manual code review | No | No | Daira Hopwood and Sean Bowe | | | [Description](https://medium.com/aztec-protocol/vulnerabilities-found-in-aztec-2-0-9b80c8bf416c) |
19+
| BarVD-011 | Join-split circuit | Note commitment and contents are not validated to correspond | Soundness | Phishing | Manual code review | No | Yes | @arielgabizon | | | [Description](https://medium.com/aztec-protocol/vulnerabilities-found-in-aztec-2-0-9b80c8bf416c) |
20+
| BarVD-012 | Account circuit | same public key can be used for multiple accounts | Soundness | Spending other person's funds | Manual code review | No | Yes | @arielgabizon | | | [Description](https://hackmd.io/@aztec-network/HJDt63w69?type=view) |
21+
| BarVD-013 | Join-split circuit | public key nullifier uses only the x coordinate of the public key | Soundness | Spending other person's funds | Manual code review | No | Yes | @arielgabizon | | | [Description](https://hackmd.io/@aztec-network/HJDt63w69?type=view) |
22+
| BarVD-014 | claim-proof circuit | incorrect implementation of integer arithemtic in field | Soundness | Draining rollup funds | Manual code review | No | No | [@lucash-dev](https://github.com/lucash-dev) | | | [Description](https://hackmd.io/@aztec-network/claim-proof-bug) |
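Review bot: the "Link to issue" and "Link to fix" columns are empty for all fourteen rows, which defeats the stated purpose of helping auditors find and fix bugs; each row should carry the PR or commit that fixed it, or an explicit "n/a" where the affected circuit (account, join-split, claim-proof, rollup) no longer exists in this repository, so a reader can tell "not yet filled in" from "nothing to link". The "Found by" cell is also empty for BarVD-001 through BarVD-003 while the same rows claim "Found internally: Yes". Two short descriptions carry typos that will make the table hard to grep, `point aggregation in the rollup circuit doesnn't incldue join-split proof points` and `incorrect implementation of integer arithemtic in field`; and BarVD-009's `Use of insecure PRNG|` is missing the space before the cell separator. Finally, "Mechanism of finding" is "Manual code review" and "Found with a tool?" is "No" on every row; either drop one of the two columns or note in the intro that tool-found entries are expected later, so the redundancy reads as intentional.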
