RISC0-ZKVM, Circuit Constraint Bypass, CVE-2023-XXXX (Critical)

By /

Listen to this Post

How the CVE Works

The vulnerability arises due to a missing constraint in the `rv32im` circuit of RISC0-ZKVM (versions 2.0.0–2.0.2). A malicious prover can exploit this flaw by submitting specially crafted 3-register RISC-V instructions (e.g., remu, divu). The lack of proper constraints allows the attacker to trick the RISC-V virtual machine into treating the `rs1` and `rs2` registers as identical, leading to incorrect computations and potential security breaches. This could enable unauthorized proof validation, compromising the integrity of zero-knowledge virtual machine executions.

DailyCVE Form

Platform: RISC0-ZKVM
Version: 2.0.0–2.0.2
Vulnerability: Circuit Constraint Bypass
Severity: Critical
Date: 2023-XX-XX

Prediction: Patch expected 2023-XX-XX

What Undercode Say

Check risc0-zkvm version
cargo tree | grep risc0-zkvm
Mitigation command
cargo update risc0-zkvm --precise 2.1.0
Verify circuit constraints
risc0-verify --circuit rv32im

How Exploit

  • Malicious prover crafts 3-register instructions.
  • Bypasses rs1/rs2 register constraints.
  • Forces VM to compute incorrect results.

Protection from this CVE

  • Upgrade to risc0-zkvm 2.1.0.
  • Use official Verifier Router.
  • Audit custom verifier contracts.

Impact

  • Unauthorized proof validation.
  • Compromised zkVM integrity.
  • Smart contract manipulation.

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Scroll to Top