@zksecurityXYZ's blog post discusses common traps in Circom circuit design, including missing output constraints, unverified input assumptions, and the signed semantics of comparison operators, with an emphasis on preventing security vulnerabilities.
Notes
Missing output constraints are a common vulnerability: for example, if the output of IsEqual is not forced to 1, malicious users can exploit it.
Unverified input assumptions can make an AND gate produce wrong outputs; add boolean constraints such as flag*(flag-1)=0.
Circom comparison operators work on signed integers: the val function maps field elements to the interval (-p/2, p/2].
Big-integer templates such as BigLessThan, when their output is left unconstrained, can allow out-of-bound inputs; the output needs to be checked explicitly.
Security best practice: always explicitly constrain component outputs and inputs, and avoid relying on implicit assumptions.
The signed semantics of the comparison operators can give counterintuitive results such as p/2 > p/2+1, so pay attention to witness generation.
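
The two constraint fixes from the notes above (forcing the IsEqual output and making a flag boolean before an AND gate), written out as an added Circom example that is not code from the blog post. It assumes circomlib is available on the include path (for example via `-l node_modules`); the template names MustMatchWeak, MustMatch and GatedMatch are hypothetical.

```circom
pragma circom 2.0.0;

// Assumption: circomlib is reachable on the include path.
include "circomlib/circuits/comparators.circom"; // IsEqual
include "circomlib/circuits/gates.circom";       // AND

// Weak form (hypothetical name): eq.out is computed but never constrained,
// so the circuit is satisfiable for ANY pair (a, b). When a != b the
// witness simply carries eq.out = 0 and the proof still verifies.
template MustMatchWeak() {
    signal input a;
    signal input b;

    component eq = IsEqual();
    eq.in[0] <== a;
    eq.in[1] <== b;
}

// Hardened form: the comparator's output is explicitly forced to 1,
// so no valid witness exists unless a == b.
template MustMatch() {
    signal input a;
    signal input b;

    component eq = IsEqual();
    eq.in[0] <== a;
    eq.in[1] <== b;
    eq.out === 1;
}

// circomlib's AND computes out <== a*b and assumes both inputs are bits.
// The caller has to enforce that assumption on any input it does not
// already know to be boolean.
template GatedMatch() {
    signal input flag;
    signal input a;
    signal input b;
    signal output ok;

    flag * (flag - 1) === 0;   // flag must be 0 or 1

    component eq = IsEqual();
    eq.in[0] <== a;
    eq.in[1] <== b;

    component both = AND();
    both.a <== flag;
    both.b <== eq.out;         // IsEqual's out is 0 or 1 by construction
    ok <== both.out;
}

component main = GatedMatch();
```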