High severity · NVD Advisory · Published May 21, 2023 · Updated Jan 21, 2025

CVE-2023-33252

Description

snarkjs ≤0.6.11 lacks a check that publicSignals length is less than the field modulus, enabling double-spend attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2023-33252 is a critical flaw in iden3/snarkjs versions through 0.6.11. The library fails to validate that the length of the publicSignals array is strictly less than the field modulus used in the zkSNARK proof [1][2]. This omission allows an attacker to forge proofs where publicSignals exceed the modulus, bypassing the intended verification.

Exploitation

An attacker with the ability to generate zero-knowledge proofs can craft a proof where the publicSignals array length is manipulated to be equal to or greater than the field modulus. Since snarkjs does not enforce the length bound, the modified proof passes verification [1]. The attack requires no authentication beyond the ability to submit proofs to a verifier.

Impact

Successful exploitation enables a double-spending scenario in systems that rely on snarkjs for proof verification. For example, in a cryptocurrency or token system, an attacker could reuse the same value multiple times by providing forged proofs, leading to financial loss or state corruption [2].

Mitigation

The vulnerability is fixed in snarkjs versions after 0.6.11 by adding a check that ensures publicSignals length is less than the field modulus [4]. Users should update to the latest version or apply the patch from the commit history.
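One way to enforce such a bound on the caller's side before invoking the verifier, as an added example that is not snarkjs code or part of this advisory. It assumes the bound applies to each public signal's value on the BN254 (bn128) curve and that the verification key carries an `nPublic` count; `checkPublicSignals` and `guardedVerify` are hypothetical names.

```javascript
// BN254 (bn128) scalar field order r. Assumption: the circuit uses this curve.
const BN254_R =
  21888242871839275222246405745257275088548364400416034343698204186575808495617n;

// Hypothetical helper, not a snarkjs API. Returns a list of problems;
// an empty list means every signal is a canonical field element.
function checkPublicSignals(publicSignals, expectedCount, modulus = BN254_R) {
  if (!Array.isArray(publicSignals)) return ["publicSignals is not an array"];
  const problems = [];
  if (publicSignals.length !== expectedCount) {
    problems.push(`expected ${expectedCount} signals, got ${publicSignals.length}`);
  }
  publicSignals.forEach((signal, i) => {
    // Accept only plain decimal strings or BigInts; reject hex, signs,
    // whitespace and leading zeros so each value has one representation.
    const isDecimal = typeof signal === "string" && /^(0|[1-9][0-9]*)$/.test(signal);
    if (!isDecimal && typeof signal !== "bigint") {
      problems.push(`signal ${i}: not a canonical decimal integer`);
      return;
    }
    const value = BigInt(signal);
    // A value >= r is congruent mod r to a smaller one, so the verifier
    // must not treat it as a distinct input.
    if (value < 0n || value >= modulus) {
      problems.push(`signal ${i}: outside [0, r)`);
    }
  });
  return problems;
}

// Runs the range check before delegating to a verifier such as
// snarkjs.groth16.verify, passed in as verifyFn so this block runs offline.
async function guardedVerify(verifyFn, vKey, publicSignals, proof) {
  const problems = checkPublicSignals(publicSignals, vKey.nPublic);
  if (problems.length > 0) return false;
  return verifyFn(vKey, publicSignals, proof);
}

// Constructed sample inputs (not taken from any real proof).
const sampleOk = ["1", "12345678901234567890"];
const sampleOutOfRange = ["1", (BN254_R + 5n).toString()];
console.log(checkPublicSignals(sampleOk, 2));
console.log(checkPublicSignals(sampleOutOfRange, 2));
```

Logging the returned problem list on rejection gives an audit trail of out-of-range submissions, which is also a useful detection signal on unpatched deployments.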

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
snarkjs (npm) | <= 0.6.11 |

Affected products: 2

Patches: 0. No patches discovered yet.

References: 4
