zkDaily - 2025-06-26

零知识证明 zkDaily

ZKP Frontier Tracker 🎯

Thu

06.26

2025

Blog

Circom Pitfalls: Common Anti-Patterns and How to Avoid Them https://blog.zksecurity.xyz/posts/circom-pitfalls-1/

zksecurity.xyz Circom Security

@zksecurityXYZ discussed common anti-patterns in Circom programming in blog, focusing on non-constraint operator assert and <--, and alias attacks caused by finite field arithmetic.

Notes

assert would not generate constraints, only used for template parameter security checks.
Manual constraints must be added when using the <-- operator to prevent security vulnerabilities.
Finite field arithmetic may cause alias attacks, especially when encoding numbers.
Bits2Num_strict and Num2Bits_strict can be used to prevent alias attacks.
Developers should avoid using assert for signals and should only use it for template parameters.
Separating computation and constraints can improve performance, but all calculations must be appropriately constrained.

Collected by @icerdesign