Skip to content

Possible Under-constraint Bug #142

New issue
New issue
Open
Open
Possible Under-constraint Bug#142
@autoDetector

Description

@autoDetector
autoDetector
opened on Nov 4, 2025

Vulnerable File: packages/circuits/src/lib/Card.circom
commit: d32b6982536ca217d4255b14e449e3859764c600

Line 42-44 use <-- which does not add constraints to the witness.

However, the constraint in line 45 candidateIndex === divisor * numCards + selectedIndex; does not fully constraint the signal numCards , selectedIndex, and divisor.

This may cause possible security issues.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions