You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
None beyond the code repositories & official documentation
Spartan ECDSA
Spartan ECDSA provides a library of circuits for fast-ECDSA signature verification.
The contracts of Spartan ECDSA Repo were reviewed over 16 days. The code review was performed by 1 auditor between June 19 and July 5, 2023. The repository was under active development during the review, but the review was limited to the latest commit at the start of the review. This was the latest commit in the Yacademy fork repo of Spartan ECDSA.
Scope
The scope of the review consisted of the following contracts at the specific commit:
add.circom
double.circom
mul.circom
tree.circom
eff_ecdsa.circom
pubkey_membership.circom
poseidon.circom
This review is a code review to identify potential vulnerabilities in the code. The reviewers did not investigate security practices or operational security and assumed that privileged accounts could be trusted. The reviewers did not evaluate the security of the code relative to a standard or specification. The review may not have identified all potential attack vectors or areas of vulnerability.
yAcademy and the auditors make no warranties regarding the security of the code and do not warrant that the code is free from defects. yAcademy and the auditors do not represent nor imply to third parties that the code has been audited nor that the code is free from defects. By deploying or using the code, Spartan ECDSA and users of the contracts agree to use the code at their own risk.
Findings are broken down into sections by their respective impact:
Critical, High, Medium, Low impact
These are findings that range from attacks that may cause loss of funds, impact control/ownership of the contracts, or cause any unintended consequences/actions that are outside the scope of the requirements
Gas savings
Findings that can improve the gas efficiency of the contracts
Informational
Findings including recommendations and best practices
Only 1 informational finding is being reported.
Critical Findings
None.
High Findings
None.
Medium Findings
None.
Low Findings
None.
Informational Findings
1. Informational - No constraints on input signals
Technical Details
Likely due to a desire to reduce the number of constraints to a bare minimum, there are no constraints on input signals in any of the circuits. This could potentially cause issues for third party developers who use Spartan ECDSA.
Impact
Informational.
Recommendation
In order to keep the number of constraints to a minimum, simply document the absence of input signal constraints clearly and suggest that they be validated in the application code.
Final remarks
The code is well written and the auditor did not find any vulnerabilites that would cause significant impact. However, again, please note that the absence of findings in this report does not ensure the absence of vulnerabilities.
The text was updated successfully, but these errors were encountered:
yAcademy Spartan ECDSA Review
Auditors:
Table of Contents
Review Summary
Review Resources:
Spartan ECDSA
Spartan ECDSA provides a library of circuits for fast-ECDSA signature verification.
The contracts of Spartan ECDSA Repo were reviewed over 16 days. The code review was performed by 1 auditor between June 19 and July 5, 2023. The repository was under active development during the review, but the review was limited to the latest commit at the start of the review. This was the latest commit in the Yacademy fork repo of Spartan ECDSA.
Scope
The scope of the review consisted of the following contracts at the specific commit:
This review is a code review to identify potential vulnerabilities in the code. The reviewers did not investigate security practices or operational security and assumed that privileged accounts could be trusted. The reviewers did not evaluate the security of the code relative to a standard or specification. The review may not have identified all potential attack vectors or areas of vulnerability.
yAcademy and the auditors make no warranties regarding the security of the code and do not warrant that the code is free from defects. yAcademy and the auditors do not represent nor imply to third parties that the code has been audited nor that the code is free from defects. By deploying or using the code, Spartan ECDSA and users of the contracts agree to use the code at their own risk.
Code Evaluation Matrix
Findings Explanation
Findings are broken down into sections by their respective impact:
Only 1 informational finding is being reported.
Critical Findings
None.
High Findings
None.
Medium Findings
None.
Low Findings
None.
Informational Findings
1. Informational - No constraints on input signals
Technical Details
Likely due to a desire to reduce the number of constraints to a bare minimum, there are no constraints on input signals in any of the circuits. This could potentially cause issues for third party developers who use Spartan ECDSA.
Impact
Informational.
Recommendation
In order to keep the number of constraints to a minimum, simply document the absence of input signal constraints clearly and suggest that they be validated in the application code.
Final remarks
The code is well written and the auditor did not find any vulnerabilites that would cause significant impact. However, again, please note that the absence of findings in this report does not ensure the absence of vulnerabilities.
The text was updated successfully, but these errors were encountered: