Kustosz

**Name of the Vulnerable Software and Affected Versions** gnark versions prior to 0.9.0 **Description** The issue concerns the construction of two valid decompositions to bits for some in-circuit values, due to overflowing the field where the values are defined. This allows a malicious prover to construct a valid proof for a statement `a < b` even if `a > b`. The problem impacts users using `API.Cmp` or `API.IsLess` methods, as well as those using `bits.ToBinary` or `API.ToBinary` methods with full-width decomposition. **Recommendations** Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods. Alternatively, users can use the `std/math/cmp` gadget, which allows bounding the number of bits being compared, making comparisons more efficient if the bound on the absolute difference of the values is known.