You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are currently 2 main ways for the entry balances to enter the circuit:
CSV (which are then feed into MstInclusionCircuit)
directly to MstInclusionCircuit
When balances are fed from the CSV, they are converted from str to big_uint by BigUint::parse_bytes() from num-bitint=0.4.
If the user put in entry balances directly in the circuit, it is converted from big_uint to Fp with Fp::from_str_vartime() in the big_uint_to_fp() function. This uses the halo2_proofs::halo2curves::{bn256::Fr as Fp} crate.
Simple sanitization tests with inputs of negative numbers and strings with alphabet characters have been done and they were successfully caught by the above mentioned crates. However, the sanitization robustness of the 2 crates have not been investigated or thoroughly tested. Furthermore, they could be subject to change in future versions. This can have material impact on Summa should these crates be upgraded without proper sanitization testing.
The text was updated successfully, but these errors were encountered:
Describe the observation
There are currently 2 main ways for the entry balances to enter the circuit:
MstInclusionCircuit)MstInclusionCircuitWhen balances are fed from the CSV, they are converted from
strtobig_uintbyBigUint::parse_bytes()fromnum-bitint=0.4.If the user put in entry balances directly in the circuit, it is converted from
big_uinttoFpwithFp::from_str_vartime()in thebig_uint_to_fp()function. This uses thehalo2_proofs::halo2curves::{bn256::Fr as Fp}crate.More work has been done on this PR by @sebastiantf.
Additional context
Simple sanitization tests with inputs of negative numbers and strings with alphabet characters have been done and they were successfully caught by the above mentioned crates. However, the sanitization robustness of the 2 crates have not been investigated or thoroughly tested. Furthermore, they could be subject to change in future versions. This can have material impact on Summa should these crates be upgraded without proper sanitization testing.
The text was updated successfully, but these errors were encountered: