Sprint-2 Audit Report by gafram

[gafram]

yAcademy Spartan-ECDSA Review

Auditors:

• gafram

Table of Contents

• Review Summary
• Scope
• Findings Explanation
• Critical Findings
• High Findings
• Medium Findings
• Low Findings
• Informational Findings
• Final remarks

Review Summary

Spartan-ECDSA

The contracts of the Spartan-ECDSA Repo were reviewed over 16 days. The code review was performed between 19st June and 5th July, 2023. The repository was under active development during the review, but the review was limited to the latest commit at the start of the review. This was commit 3386b30.

Scope

The scope of the review consisted of the following contracts at the specific commit:

• eff_ecdsa.circom
• tree.circom
• add.circom
• double.circom
• mul.circom
• poseidon.circom
• pubkey_membership.circom

Findings Explanation

Findings are broken down into sections by their respective impact:

• Critical, High, Medium, Low impact
  • These are findings that range from attacks that may cause loss of funds, impact control/ownership of the contracts, or cause any unintended consequences/actions that are outside the scope of the requirements
• Gas savings
  • Findings that can improve the gas efficiency of the contracts
• Informational
  • Findings including recommendations and best practices

---

Critical Findings

None.

High Findings

None.

Medium Findings

None.

Low Findings

None

Informational Findings

1. Informational - Unused bits variable.

The variable - bits is not used in template.

    template EfficientECDSA() {
        var bits = 256;
        signal input s;
        signal input Tx; // T = r^-1 * R
        signal input Ty; 

Recommendation

Remove unused variable

Final remarks

The observed code is written based on well known tested code base. There are no critical, high, medium, low vulnerabilities in the code.

[gafram]

nothing report(