Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic site

Assessment reports>Barretenberg Bigfield>Discussion>Missing maximum-bit number checks in constructor

GeneralOverview

Findings

Informational (2)

DiscussionMaturity of the codebase and lack of specifications Concrete examples for assumptions for bounds and how to document them Undocumented assumption regarding meaning of bigfield fields Functioning of evaluate_non_native_field_multiplication Assumptions regarding bit width of the modulus Behavior in simulator mode Handling of too large ranges in uint256_t::slice Missing maximum-bit number checks in constructor Fix for decompose_into_bits Overflow checks for unreduced elements Prime limb witness indexes equality check in operator- and operator+Inefficient loops Possible shaper bounds Unnecessary assert in mul_product_overflows_crt_modulus Unnecessary reductons in operator+Unreachable code Misleading names of functions or variables Improvements for comments/documentation

Audit ResultsAssessment Results

Missing maximum-bit number checks in constructor

For the following bigfield constructor, the maximum_bitlength argument is used to determine how many bits wide the most significant binary limb will be. The case of maximum_bitlength > 4*NUM_LIMB_BITS is not intended to be supported by the function; we recommend to assert this in the constructor.

template <typename Builder, typename T>
bigfield<Builder, T>::bigfield(const field_t<Builder>& low_bits_in,
                               const field_t<Builder>& high_bits_in,
                               const bool can_overflow,
                               const size_t maximum_bitlength)
{
    ASSERT((can_overflow == true && maximum_bitlength == 0) ||
           (can_overflow == false && (maximum_bitlength == 0 || maximum_bitlength > (3 * NUM_LIMB_BITS))));
+   ASSERT(maximum_bitlength <= 4*NUM_LIMB_BITS)

Zellic © 2025Back to top ↑