Listen to this Post
How the CVE Works
The vulnerability exists in the `Steel.validateCommitment` function in versions prior to 2.1.1 and 2.2.0. A crafted commitment with a digest value of zero incorrectly returns true, violating the function’s intended semantics. Since a zero digest does not correspond to any valid block in the chain, this bypass could allow false validation if misused. However, exploitation requires additional flaws, such as improper zkVM proof verification or direct misuse of the library. Correctly implemented applications using Steel with zkVM proofs remain unaffected.
DailyCVE Form
Platform: Solidity
Version: <2.1.1, <2.2.0
Vulnerability: Validation bypass
Severity: Medium
Date: 2023-XX-XX
Prediction: Patch released (2.1.1, 2.2.0)
What Undercode Say
// Vulnerable code snippet if (commitment.digest == 0) return true;
// Fixed version require(commitment.digest != 0, "Invalid digest");
How Exploit
- Craft zero-digest commitment
- Bypass validation checks
- Requires misuse of Steel
Protection from this CVE
- Update to 2.1.1/2.2.0
- Enforce zkVM proof checks
- Follow ERC-20 example
Impact
- False validation possible
- No integrity risk (if used correctly)
- Requires secondary flaws
Sources:
Reported By: github.com
Extra Source Hub:
Undercode
