Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Session Token>Discussion>Misleading functions' name
GeneralOverview
Findings
Critical (1)
High (1)
Medium (1)
Low (1)
Informational (1)
DiscussionUnused and sometimes misleading functionsGas savingsMisleading functions' nameData desynchronizationRedundant checks
Threat ModelWhat are threat models?BN256G1.solBN256G2.solPairing.solRewardRatePool.solServiceNodeContribution.solServiceNodeContributionFactory.solServiceNodeRewards.solTokenConverter.solTokenVestingStaking.sol
Audit ResultsAssessment Results

Misleading functions' name

Functions named with suffix Jacobian in BN254G2 library are in fact not working with Jacobian coordinates but with projective coordinates. The point-addition algorithm for implemented by the function _ECTwistAddJacobian is described by formula 3 of this paper, "Efficient Elliptic Curve Exponentiation Using Mixed Coordinates". The point-doubling algorithm implemented by function _ECTwistDoubleJacobian is the implementation of formula 4 of the same paper. The point-doubling algorithm was later optimized in hyperelliptic.org. The library may benefit from those improvements. In the same way, the function _fromJacobian transforms projective into affine coordinates.

The function _ECTwistMulByCofactorJacobian is an implementation of the algorithm from the paper "Faster Hashing to " and is also not working on Jacobian coordinates.

The naming is misleading, and the lack of reference to the original algorithms may be error-prone for later developments.

Adding tests with test vectors coming from a source other than the library would improve the confidence in the implementation.

Session team implemented the suggested changes in with references to the implemented algorithms in the comments.

Zellic © 2024Back to top ↑