Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Biconomy Secp256r1>Discussion>Documentation
GeneralOverview
Findings
High (3)
Informational (2)
DiscussionImpact of signature inconsistencyAddition bug analysisModular subtraction trickDocumentationPossible gas savings in `_jAdd`
Threat ModelWhat are threat models?Secp256r1.sol
Threat ModelVerification of correctness of elliptic curve arithmetic
Audit ResultsSummary

Documentation

While there are several comments in Secp256r1.sol, including NatSpec documentation, some of these are outdated. For example, the NatSpec parameters for Verify do not correspond to the actual parameters the function takes, and the description of the _jAdd function suggests this function computes a doubling.

Making the naming of variables in the _jAdd function (and to an extent, _modifiedJacobianDouble) more consistent would make it easier to verify correctness of the calculations. While the parameters are called p1, p2, p3, q1, q2, q3, the comments and variable names used in the function suggest x1, y1, z1, x2, y2, z2.

The comment before _modifiedJacobianDouble suggests this function is operating on modified Jacobian coordinates, but it actually uses the usual Jacobian coordinates. With modified Jacobian coordinates, one would pass four arguments, (x, y, z, w) where w=a*z^4.

Zellic © 2023Back to top ↑