Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic siteBack

Assessment reports>Brevis>Informational findings>Reduction ineffective in ,Values, function for ,Uint521

GeneralOverview

Findings

Informational (10)Padding incorrect for output-commitment computation No domain separation for commitments Incorrect specification for MinGeneric and MaxGeneric Ethereum header length checks for dynamic fields not checking Extra Endianess for Bytes32 Sign bit computed but not enabled in Select for Int248 Reduction ineffective in Values function for Uint521 Number of limbs of Uint521 not enforced Inconsistency in behavior of type conversions Low bit widths for Transaction fields

DiscussionVarious possible simplifications and optimizations Additional validation Lack of documentation or comments Minor recommendations Code duplication Consistent usage of named constants Lists and tuples' ambiguous behavior when used recursively Behavior of bits2Bytes and addOutput for circuit variables Incorrect hex string and parsing errors canceling each other out References to MiMC instead of Poseidon Unallocated inputs slots not constrained Keccak padding function pad10*1 Confusing function GroupBy Setup Verification of Poseidon constants Test suite

Audit ResultsAssessment Results

Category: Coding Mistakes

Reduction ineffective in `Values` function for `Uint521`

Informational Impact

Informational Severity

N/A Likelihood

Description

In sdk/api_uint521.go of the sdk repository, the Values function for the Uint521 type is implemented as follows:

func (v Uint521) Values() []frontend.Variable {
	u521Field.Reduce(v.Element)
	return v.Limbs
}

The call to Reduce will not change v.Element but only return the reduced value.

Impact

The current implementation does not match the intention to return the reduced limbs.

Recommendations

To return the reduced limbs, the function should be implemented as follows:

func (v Uint521) Values() []frontend.Variable {
	return u521Field.Reduce(v.Element).Limbs
}

Remediation

This issue has been acknowledged by Brevis, and a fix was implemented in commit ea757d48↗.

Zellic © 2025Back to top ↑