Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Zellic Audit] fix fp254impl issues #328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Oct 10, 2025
Merged

[Zellic Audit] fix fp254impl issues #328

merged 6 commits into from
Oct 10, 2025

Conversation

@Hakkush-07
Copy link
Collaborator

@Hakkush-07 Hakkush-07 commented Aug 6, 2025

This PR fixes findings (Malte 1), (Malte 15), (Mohit 12) in the list.

Malte 1

Optimization: ROT, SWAP, ROT in Fp254Impl::add

In Fp254Impl::add in bitvm/src/bn254/fp254impl.rs, there is the following passage:
rust
OP_ROT
OP_SWAP
OP_ROT
this is equivalent to a single OP_SWAP.

Malte 15

Observation: Functions specific for Fq implemented in the Fp254Impl trait

Various functions are implemented for the Fp254Impl trait that however operate specifically on Fq, which is only one specific type that implements Fp254Impl. The type Fr is another one implementing Fp254Impl, so counterintuitively, Fr::hinted_mul is a function operating on Fq rather than Fr.

Note also that some of these functions utilize Self, which might refer to an uninted type, for example Fr, instead of the intended Fq. At the moment, the usages of Self are only related to accessing the number of limbs and similar, which are the same in all implementations of Fp254Impl present in the current code base.

These issues appear in the functions in bitvm/src/bn254/fp254impl.rs from hinted_mul to hinted_inv.

While we have not observed an issue in the current state of the codebase connected to this (so far at least), unintuitive behavior like this can cause developer mistakes in the future.

We recommend to move these functions to an implementation for Fq specifically.

Mohit 12

Fp254Impl::neg has a manually unrolled loop and will fail if N_LIMBS is not 9.

eigmax
eigmax reviewed Aug 18, 2025
View reviewed changes
bitvm/src/bn254/fp254impl.rs
for i in 0..Self::N_LIMBS-1 {
{ Self::MODULUS_LIMBS[i as usize] } OP_SWAP
if i == 0 {
{ 2_usize.pow(U254::LIMB_SIZE) }
Copy link
Contributor

@eigmax eigmax Aug 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One question here: we can use 0x20000000 here for whatever N_LIMBS, yes?

@just-erray just-erray deleted the fp254impl branch September 12, 2025 11:50
@Hakkush-07 Hakkush-07 restored the fp254impl branch September 12, 2025 13:12
@Hakkush-07 Hakkush-07 merged commit f9e11ba into BitVM:main Oct 10, 2025
5 checks passed
@Hakkush-07 Hakkush-07 deleted the fp254impl branch October 10, 2025 11:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@eigmax eigmax eigmax approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Hakkush-07 @eigmax