ZKP Frontier Tracker 🎯
零知识证明 前沿热点追踪 🎯
Thu 星期四
11.13
2025
https://blog.zksecurity.xyz/posts/circom-pitfalls-2/
@zksecurityXYZ in blog discussed common traps in Circom, including missing output constraints, unverified input assumptions, and signed comparison operators. @zksecurityXYZ 在博客中讨论了Circom电路设计中的常见陷阱,包括输出约束缺失、输入假设未验证和比较运算的符号问题,强调了安全性漏洞的预防措施。
Notes
- Output constraints are common vulnerabilities, such as IsEqual output not forced to 1 can be exploited by malicious users
- Input assumptions can cause AND gate output errors, need to add boolean constraints like flag*(flag-1)=0
- Circom comparison operators are based on signed integers, val function maps elements to (-p/2, p/2] interval
- Large integer templates like BigLessThan output without constraints can allow out-of-bound inputs, need to explicitly check outputs
- Security best practices: always explicitly constrain component outputs and inputs, avoid relying on implicit assumptions
- Comparison operators' signed semantics may cause p/2 > p/2+1 etc. counterintuitive results, need to pay attention to witness generation