Skip to main content

Out-Of-Range Signals

Detector Type:Compute and Constrain

Summary and Usage

The Out-Of-Range Signals (OORS) detector analyzes patterns of computation and constraint generation to estimate the expected ranges of intermediate values (e.g., if a value is part of a byte decomposition, it should lie within [0, 255]). These expected ranges are then compared against the actual ranges enforced by constraints. If the expected range is narrower than the enforced range, values may fall "out of range," leaving them underconstrained and potentially introducing bugs or vulnerabilities.

Usage

info

Coming soon.

Configuration Options

info

Coming soon.

Example and Explanation

info

Coming soon.

Usage Example

info

Coming soon.

Limitations

  • This detector uses LLZK’s intraprocedural range analysis to infer expected intervals. Any inaccuracies in this analysis (e.g., when constraints are applied indirectly in other parts of the circuit) may result in false positives.
  • This detector only recognizes a specific set of patterns to infer likely intervals. It will not detect out-of-range errors for computation patterns that are highly circuit- or application-specific.

How to Assess Severity

If confirmed as a true positive, a finding from the OORS detector indicates a severe issue. Underconstrained values may allow multiple different proofs to yield the same output, undermining the integrity of the circuit.