Gnark · CVE-2025-57801
Name of the Vulnerable Software and Affected Versions:
gnark versions prior to 0.14.0
Description:
gnark is a zero-knowledge proof system framework. The `Verify` function in `eddsa.go` and `ecdsa.go` used the `S` value from a signature without asserting that 0 ≤ `S` < order, leading to a signature malleability issue. This is due to a lack of essential constraints in gnark’s native EdDSA and ECDSA circuits, allowing multiple distinct witnesses to satisfy the same public inputs. In protocols where nullifiers or anti-replay checks are derived from `R` and `S`, this enables signature malleability and may allow double spending.
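The following Go program is an added illustration, not gnark's code: it models the missing constraint on a P-256 ECDSA signature. A verifier that consumes S only through arithmetic modulo the group order accepts both S and S + order as witnesses, the range assertion 0 < S < order rejects the second, and an anti-replay nullifier derived from (R, S) differs between the two. The verifier functions, the nullifier derivation and the signed message are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"math/big"
)
// scalarInRange is the assertion the advisory says was missing (0 < s < order);
// without the upper bound, s and s+order are two witnesses for one signature.
func scalarInRange(s, order *big.Int) bool {
	return s.Sign() > 0 && s.Cmp(order) < 0
}

// unconstrainedVerify models (it is not gnark's circuit) a verifier that sees S
// only through arithmetic modulo the order: any S congruent to a valid one passes.
func unconstrainedVerify(pub *ecdsa.PublicKey, hash []byte, r, s *big.Int) bool {
	return ecdsa.Verify(pub, hash, r, new(big.Int).Mod(s, pub.Params().N))
}

// constrainedVerify adds the missing range assertion before verifying.
func constrainedVerify(pub *ecdsa.PublicKey, hash []byte, r, s *big.Int) bool {
	n := pub.Params().N
	return scalarInRange(r, n) && scalarInRange(s, n) && unconstrainedVerify(pub, hash, r, s)
}

// nullifier stands in for a protocol deriving an anti-replay tag from (R, S).
func nullifier(r, s *big.Int) [32]byte {
	return sha256.Sum256(append(r.Bytes(), s.Bytes()...))
}

// MalleabilityDemo signs a constructed message, builds the alternate witness
// S' = S + order, and reports how each verifier treats the pair.
func MalleabilityDemo() (unconstrainedAcceptsBoth, constrainedRejectsAlt, nullifiersDiffer bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	hash := sha256.Sum256([]byte("constructed sample message"))
	r, s, err := ecdsa.Sign(rand.Reader, priv, hash[:])
	if err != nil {
		return
	}
	pub, n := &priv.PublicKey, priv.Params().N
	sAlt := new(big.Int).Add(s, n) // same residue mod order, but outside [0, order)
	unconstrainedAcceptsBoth = unconstrainedVerify(pub, hash[:], r, s) && unconstrainedVerify(pub, hash[:], r, sAlt)
	constrainedRejectsAlt = constrainedVerify(pub, hash[:], r, s) && !constrainedVerify(pub, hash[:], r, sAlt)
	nullifiersDiffer = nullifier(r, s) != nullifier(r, sAlt)
	return
}
```

The same upper-bound check applies to the EdDSA `S` scalar; the model here uses ECDSA only because Go's standard library supplies the curve and signing routine.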
Recommendations:
Update to version 0.14.0 to resolve this issue.