Assessment reports>Barretenberg Bigfield>Medium findings>Equation checks not enforced
Category: Coding Mistakes

Equation checks not enforced

Medium Severity
Low Impact
Low Likelihood

Description

The function evaluate_linear_identity is used to check the linear identity . In the bigfield constructor, this function is used to constrain the construction of the low bits of the argument to be equal to limb_0 + limb_1 << 68. The function is used similarly for the highest bits of the argument. However, in case all the arguments of evaluate_linear_identity are marked as constant, the check is not enforced:

void field_t<Builder>::evaluate_linear_identity(const field_t& a, const field_t& b, const field_t& c, const field_t& d)
{
    Builder* ctx = a.context == nullptr
                       ? (b.context == nullptr ? (c.context == nullptr ? d.context : c.context) : b.context)
                       : a.context;

    if (a.witness_index == IS_CONSTANT && b.witness_index == IS_CONSTANT && c.witness_index == IS_CONSTANT &&
        d.witness_index == IS_CONSTANT) {
        return;
    }

In fact, nothing further is done, and the function returns.

The problem is also present in the function evaluate_polynomial_identity, but in this case, the relation to be checked is . Again, if the arguments are constants, then the function simply returns.

Impact

The previous identity could be wrong for some constants and still pass the check. In the bigfield component, the two functions are likely only called in branches in which at least one of the arguments will not be constant, so this case is not hit. Impact for other callers depends on usage.

Recommendations

In case the arguments are constant, assert the equality of the identity for the values.

Remediation

This issue has been acknowledged by Aztec, and a fix was implemented in commit dad2c05e.

Zellic © 2025Back to top ↑