AddCard lacks bounds on index
Vulnerable File: packages/circuits/src/lib/Card.circom
commit: d32b6982536ca217d4255b14e449e3859764c600
If index >= size, nothing is updated (all IsEqual comparisons are 0), yet the circuit still satisfies constraints. If the calling logic assumes the update must occur, this can be abused.
AddCard lacks bounds on index
Vulnerable File:
packages/circuits/src/lib/Card.circomcommit:
d32b6982536ca217d4255b14e449e3859764c600If index >= size, nothing is updated (all IsEqual comparisons are 0), yet the circuit still satisfies constraints. If the calling logic assumes the update must occur, this can be abused.