PT-2024-31389 · Gnark · Gnark

Maltezellic · Published 2024-09-06 · Updated 2024-12-18 · CVE-2024-45039

CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: gnark versions prior to 0.11.0

Description: The issue is a soundness problem in the gnark zk-SNARK library. When multiple commitments are used inside a circuit, the prover can choose all but the last commitment. This could undermine the soundness of the whole circuit, particularly when commitments are used as random challenges for optimized non-native multiplication, lookup checks, etc. However, using multiple commitments has been discouraged because of the additional cost to the verifier and is not supported by certain verifiers. The impact of the issue is expected to be small, affecting only users who have implemented the native Groth16 verifier or are using it with multiple commitments.

Recommendations: To resolve the issue, update to version 0.11.0 or later. As a temporary workaround, consider using only a single commitment and deriving any further in-circuit commitments from it as needed using the std/multicommit package.


Related Identifiers

CVE-2024-45039
GHSA-Q3HW-3GM4-W5CR
GO-2024-3122
OPENSUSE-SU-2024:14599-1

Affected Products

Gnark