fix!: prevent OOM via unbounded Groth16 verifying key deserialization (backport #6754) #6781
Merged
Add an exact size check (396 bytes) on Groth16Vkey in ValidateBasic() and genesis Validate() before passing it to gnark's deserializer. Without this check, an attacker-controlled uint32 length prefix in the serialized VK causes gnark-crypto to allocate up to ~256 GiB from a ~292-byte input, crashing any node during CheckTx with no authentication required. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> (cherry picked from commit 5803d7e)
The existing size check (Groth16VkeySize == 396) can be bypassed by crafting a payload that is exactly 396 bytes but has the internal G1.K length prefix set to 0xFFFFFFFF. This causes gnark to allocate ~256 GiB before returning an error. These tests reproduce the issue raised in PR review feedback. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> (cherry picked from commit 5d077d7)
The outer size check alone is insufficient: an attacker can craft a payload that is exactly Groth16VkeySize (396 bytes) but has the internal G1.K length prefix set to 0xFFFFFFFF, causing gnark to allocate ~256 GiB before returning an error. Add ValidateGroth16Vkey() that checks both the total size and the big-endian uint32 G1.K length at bytes 288-291, ensuring it equals the expected value of 3 (nPublic + 1 for SP1's 2 public inputs). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> (cherry picked from commit 53c577c)
rootulp
previously approved these changes
Mar 11, 2026
auto-merge was automatically disabled
March 11, 2026 04:10
Pull request was converted to draft
…prefixes in Groth16 vkey

ValidateGroth16Vkey validated the G1.K length prefix at offset 288 but did not validate the two uint32 length prefixes at offsets 388 (CommitmentKeys) and 392 (PublicAndCommitmentCommitted). An attacker could craft a valid 396-byte payload that passes both existing checks but sets CommitmentKeys length to 0xFFFFFFFF, causing gnark to call make([]pedersen.VerifyingKey, 0xFFFFFFFF) and OOM. Since the SP1 Groth16 circuit does not use Pedersen commitments, both trailing length prefixes must be 0. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The backport from main used v8 import paths which don't exist on v7.x. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
damiannolan
approved these changes
Mar 11, 2026
github-merge-queue bot pushed a commit that referenced this pull request Mar 11, 2026
…#6788)

## Summary

- Validates the `CommitmentKeys` (offset 388) and `PublicAndCommitmentCommitted` (offset 392) uint32 length prefixes in `ValidateGroth16Vkey`, ensuring both are 0
- Adds unit tests reproducing the OOM attack vector for both trailing fields
- Adds integration test cases in `msgs_test.go` for end-to-end validation

## Context

This was identified in [this review comment](#6781 (comment)) on PR #6781. The existing `ValidateGroth16Vkey` validates the G1.K length prefix but does not validate the two trailing uint32 length prefixes. An attacker can craft a valid 396-byte payload that passes both existing checks but sets `CommitmentKeys` length to `0xFFFFFFFF`, causing gnark to `make([]pedersen.VerifyingKey, 0xFFFFFFFF)` and OOM — the same pre-allocation vulnerability pattern that #6781 fixes for G1.K. Since the SP1 Groth16 circuit does not use gnark's Pedersen commitment feature, both trailing length prefixes must be 0.

## Test plan

- [x] `TestValidateGroth16Vkey` covers all attack vectors (inflated CommitmentKeys, inflated PublicAndCommitmentCommitted, small non-zero values)
- [x] `TestMsgCreateInterchainSecurityModuleValidateBasic` covers end-to-end message validation with malicious vkeys
- [x] All existing zkism tests pass (`go test -short ./x/zkism/...`)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
evan-forbes
approved these changes
Mar 11, 2026
Fixes https://dashboard.hackenproof.com/manager/companies/celestia/celestia/reports/CELESTIA-214
Summary
- `ValidateGroth16Vkey()` that performs two checks on `Groth16Vkey` in `ValidateBasic()` and genesis `Validate()` before passing it to gnark's deserializer:
  - `Groth16VkeySize` (396 bytes) — rejects payloads that are too short or too long
  - `Groth16VkeyG1KLength` (3) — reads the big-endian `uint32` at bytes 288–291 and verifies it equals the expected value (`nPublic + 1` for SP1's 2 public inputs)
- `make([]G1Affine, 0xFFFFFFFF)` (~256 GiB allocation), crashing any node during `CheckTx` with no authentication required
- `-short` mode)
- `msgs_test.go` and `genesis_test.go` verifying malicious payloads are rejected before deserialization, including the 396-byte bypass variant

Test plan

- `go test -v ./x/zkism/types/` — all tests pass including new OOM payload rejection tests
- `go test -v ./x/zkism/internal/groth16/` — POC test confirms 65 MiB allocation from 292-byte input (233,472× amplification)
- `go test -v -short ./x/zkism/internal/groth16/` — POC test correctly skipped in short mode
- `make build-standalone` — compiles cleanly

🤖 Generated with Claude Code
This is an automatic backport of pull request #6754 done by Mergify.
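The layout check this thread converges on (exact size, G1.K length at offset 288, and the two trailing prefixes at 388 and 392 from the follow-up commit), as an added example that is not the project's code. `checkVkeyLayout`, `sampleVkey`, `ErrVkeyLayout` and the `off*` constants are hypothetical names, and the buffers are constructed placeholders rather than real verifying keys.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Sizes and offsets as stated in this PR thread. Only Groth16VkeySize and
// Groth16VkeyG1KLength are names from the page; the rest are hypothetical.
const (
	Groth16VkeySize      = 396
	Groth16VkeyG1KLength = 3 // nPublic + 1 for SP1's 2 public inputs
	offG1KLen            = 288
	offCommitmentKeys    = 388
	offPublicCommitted   = 392
)

var ErrVkeyLayout = errors.New("groth16 vkey: unexpected layout")

// checkVkeyLayout pins the total size and every uint32 length prefix to the
// one value this circuit expects, so a deserializer that pre-allocates from
// those prefixes never sees an attacker-chosen count.
func checkVkeyLayout(vk []byte) error {
	if len(vk) != Groth16VkeySize {
		return fmt.Errorf("%w: size %d, want %d", ErrVkeyLayout, len(vk), Groth16VkeySize)
	}
	fields := []struct {
		name string
		off  int
		want uint32
	}{
		{"G1.K", offG1KLen, Groth16VkeyG1KLength},
		{"CommitmentKeys", offCommitmentKeys, 0},
		{"PublicAndCommitmentCommitted", offPublicCommitted, 0},
	}
	for _, f := range fields {
		if got := binary.BigEndian.Uint32(vk[f.off : f.off+4]); got != f.want {
			return fmt.Errorf("%w: %s length %d, want %d", ErrVkeyLayout, f.name, got, f.want)
		}
	}
	return nil
}

// sampleVkey returns a constructed 396-byte buffer with only the three
// length prefixes set; the curve-point bytes are left as zeros.
func sampleVkey(g1k, ck, pcc uint32) []byte {
	vk := make([]byte, Groth16VkeySize)
	binary.BigEndian.PutUint32(vk[offG1KLen:], g1k)
	binary.BigEndian.PutUint32(vk[offCommitmentKeys:], ck)
	binary.BigEndian.PutUint32(vk[offPublicCommitted:], pcc)
	return vk
}

func main() {
	fmt.Println(checkVkeyLayout(sampleVkey(3, 0, 0)))
	fmt.Println(checkVkeyLayout(sampleVkey(3, 0xFFFFFFFF, 0)))
}
```

The check has to run before the bytes reach the deserializer, which is why the PR places it in `ValidateBasic()` and genesis `Validate()`.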