Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Biconomy Secp256r1>Informational findings>Test coverage
GeneralOverview
Findings
High (3)
Informational (2)Invalid point is used for zeroTest coverage
DiscussionImpact of signature inconsistencyAddition bug analysisModular subtraction trickDocumentationPossible gas savings in `_jAdd`
Threat ModelWhat are threat models?Secp256r1.sol
Threat ModelVerification of correctness of elliptic curve arithmetic
Audit ResultsSummary
Category: Code Maturity

Test coverage

Informational Severity
Informational Impact
N/A Likelihood

Description

Only the Verify function is tested using the Wycheproof test vectors. It could be beneficial to also test other functions directly with unit tests.

Impact

Bugs such as that in section ref could have been found without the Wycheproof ECDSA test vectors, and the root cause could have been found more easily by testing _jAdd directly for common edge cases of elliptic curve addition.

Recommendations

Consider adding tests for other functions as well. Specifically for elliptic curve addition P + Q, edge cases to test for would be

  • P=0

  • Q=0

  • P=Q

  • P=-Q

Note that if, for example, P=(px:py:pz) and Q=(qx:qy:qz) in Jacobian coordinates, then P=Q is equivalent to px = c^2 * qx, py = c^3 * qy, and pz = c * qz, for some 0 < c < pp, with all equalities being modulo pp. Tests should thus also include cases P=Q where c is different than 1 (and similarly for the other three cases).

Remediation

Zellic © 2024Back to top ↑