Name of the Vulnerable Software and Affected Versions: SP1 versions prior to 4.0.0

Description: The issue concerns the validation of the chip ordering provided by the prover in SP1's STARK verifier, which was missing prior to version 4.0.0. This allowed for potential incorrect indexing of chips. Additionally, the recursive verifier had an underconstrained is complete boolean flag, affecting the soundness of the Rust SDK and on-chain verifier. Furthermore, the polynomial evaluation claims in the FRI-based polynomial commitment scheme were not properly observed, leading to potential incorrect results. The estimated number of potentially affected devices is not specified.

Recommendations: For versions prior to 4.0.0, update to version 4.0.0 or later to fix the issues with chip ordering validation, the is complete flag, and the polynomial evaluation claims. As a temporary workaround, consider disabling the affected verifiers until a patch is available. Restrict access to the vulnerable components, such as the recursive verifier and the on-chain verifier, to minimize the risk of exploitation.