Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic siteBack

Assessment reports>Nocturne>Threat Model>applySubtreeUpdate

GeneralOverview

Findings

Informational (1)

DiscussionGas tokens can be identified by index in Operation Schnorr signature documentation typo Redundant order-l check

Threat ModelWhat are threat models?BalanceManager.sol

CommitmentTreeManager.sol _handleJoinSplits _handleRefundNote applySubtreeUpdate

DepositManager.sol Handler.sol Teller.sol circuits

Audit ResultsSummary

Function: `applySubtreeUpdate(uint256 newRoot, uint256[8] proof)`

This updates the root of the offline Merkle tree given a valid proof that the new tree is the old tree with the expected notes inserted.

Inputs

newRoot
- Control: Arbitrary.
- Constraints: Must pass subtreeupdate circuit. Must not be past root hash.
- Impact: New root.
proof
- Control: Arbitrary.
- Constraints: Must pass subtreeupdate circuit.
- Impact: None.

Branches and code coverage

Intended branches

Subtree update succeeds.
Test coverage

Negative behavior

Subtree update fails due newRoot being a past root.
Negative test
Subtree update fails due to circuit-verification failure.
Negative test

Zellic © 2025Back to top ↑