Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Barretenberg Bigfield>Discussion>Overflow checks for unreduced elements
GeneralOverview
Findings
Critical (7)
Medium (2)
Low (6)
Informational (2)
DiscussionMaturity of the codebase and lack of specificationsConcrete examples for assumptions for bounds and how to document themUndocumented assumption regarding meaning of bigfield fieldsFunctioning of evaluate_non_native_field_multiplicationAssumptions regarding bit width of the modulusBehavior in simulator modeHandling of too large ranges in uint256_t::sliceMissing maximum-bit number checks in constructorFix for decompose_into_bitsOverflow checks for unreduced elementsPrime limb witness indexes equality check in operator- and operator+Inefficient loopsPossible shaper boundsUnnecessary assert in mul_product_overflows_crt_modulusUnnecessary reductons in operator+Unreachable codeMisleading names of functions or variablesImprovements for comments/documentation
Audit ResultsAssessment Results

Overflow checks for unreduced elements

Many bigfield functions require the individual binary limbs and full value to satisfy certain bounds for proper functioning. The reduction_check function checks whether these bounds are satisfied, and if not, it carries out a reduction to replace the element with another representation that does satisfy those bounds.

Note that in particular this means that reduction_check must be able to handle input that does not satisfy the usual bounds. The function, however, also requires certain bounds to be satisfied to function properly. For example, bigfield elements where limbs have maximum values bigger than or equal to the native circuit prime modulus do not represent a well-defined unsigned integer anymore, and hence this occurring should be ruled out. While this is very unlikely to happen on normal usage, for defense in depth, we recommend to assert that the maximum value of all limbs is less than the native circuit prime modulus in reduction_check.

Zellic © 2025Back to top ↑