It seemed like this was a legacy repo; however, it may still lurk in the newest version, maybe?

https://github.com/hermeznetwork/circuits/blob/master/src/lib/utils-bjj.circom

In L#12 `BitsCompressed2AySign`, the input signal `bjjCompressed` is not fully constrained.

```
for (i = 0; i < 254; i++) {
    b2nAy.in[i] <== bjjCompressed[i];
}
```

`bjjCompressed[254]` does not seem to be constrained by the loop or the other statements. As a result, this bug may be used to forge a fake proof.
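A plain-Python model of the wiring quoted in the report, added here as an illustration; it is not code from the report or from the Hermez repository. It assumes a 256-bit input with the sign output taken from bit 255 (neither is stated on the page), and `decode_strict` and `unread_indices` are hypothetical names for one possible hardening and for a check that finds input bits with no effect on the outputs.

```python
# Added illustration: models the loop quoted in the report in plain Python.
# Assumptions (not stated on the page): bjjCompressed has 256 bits and the
# sign output is taken from bit 255.

N_BITS = 256   # assumed width of bjjCompressed
AY_BITS = 254  # loop bound quoted in the report


def bits_to_num(bits):
    """Little-endian bit list -> integer, as a bits-to-number component would."""
    return sum(b << i for i, b in enumerate(bits))


def decode_as_reported(bits):
    """Model of the reported wiring: only bits 0..253 feed ay."""
    assert len(bits) == N_BITS
    ay = bits_to_num(bits[:AY_BITS])
    sign = bits[255]  # assumption: sign comes from bit 255
    return ay, sign   # bits[254] is never read


def decode_strict(bits):
    """Same decoding, but bit 254 must be zero (hypothetical hardening)."""
    if bits[254] != 0:
        raise ValueError("non-canonical encoding: bit 254 is set")
    return decode_as_reported(bits)


def unread_indices(decoder, width=N_BITS):
    """Indices whose value can change without changing or failing the decode."""
    base = [0] * width
    ref = decoder(base)
    unread = []
    for i in range(width):
        flipped = base.copy()
        flipped[i] = 1
        try:
            if decoder(flipped) == ref:
                unread.append(i)
        except ValueError:
            pass  # a rejected input means the bit is constrained
    return unread
```

Running `unread_indices` over both decoders shows the difference: the reported wiring leaves index 254 free, so two distinct bit strings map to the same `(ay, sign)` pair, while the strict variant accepts only one encoding per pair.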