Signal-Dependent Control Flow
Detector Type:
Summary and Usage
The Signal-Dependent Control Flow (SDCF) detector flags cases where signal-derived values are used to control conditional statements in a ZK circuit. Conditional assignments are difficult to constrain correctly and may lead to unconstrained values. This poses a significant security risk, since unconstrained values could enable the construction of bogus proofs.
Usage
Coming soon.
Example and Explanation
- Zirgen
Coming soon.
Usage Example
- Zirgen
Coming soon.
Limitations
The SDCF detector flags conditional expressions and the signals used in them, but it cannot determine whether those conditional expressions are properly constrained, as this requires knowledge of the design goal of the circuit. For example, the SDCF detector would still report the same issue for circomlib's IsZero circuit, even though it is properly constrained.
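The following is an added example, not code from this page or from the detector. It models the two constraints of circomlib's IsZero in Python and compares them with a variant that omits `in*out === 0`. The signal-dependent branch is identical in both, so only the constraints decide whether a finding is real. The function names are hypothetical, and the field is assumed to be circom's default BN254 scalar field.

```python
# Added example: constraint model of circomlib's IsZero (names here are hypothetical).
# Assumption: BN254 scalar field, the default prime in circom.
P = 21888242871839275222246405745257275088548364400416034343698204186575808495617


def generate_witness(x):
    """Witness generation with the signal-dependent branch:
    inv <-- in != 0 ? 1/in : 0. The branch only computes values;
    it adds nothing to the constraint system."""
    x %= P
    inv = pow(x, -1, P) if x != 0 else 0
    out = (1 - x * inv) % P
    return inv, out


def constraints_hold(x, inv, out, include_in_times_out=True):
    """Check a candidate witness the way the constraint system does.
    include_in_times_out=False models a circuit that forgot in*out === 0."""
    c1 = (out - (1 - x * inv)) % P == 0   # out <== -in*inv + 1
    c2 = (x * out) % P == 0               # in*out === 0
    return c1 and (c2 or not include_in_times_out)


def accepts_out_one_for(x, include_in_times_out):
    """Does the system accept the claim 'x is zero' (out = 1)?
    A prover is free to skip the branch and supply inv = 0 directly."""
    return constraints_hold(x % P, 0, 1, include_in_times_out)


if __name__ == "__main__":
    for x in (0, 5):  # constructed sample inputs
        inv, out = generate_witness(x)
        print(x, "honest out =", out, "valid:", constraints_hold(x, inv, out))
    print("under-constrained accepts out=1 for 5:", accepts_out_one_for(5, False))
    print("circomlib constraints accept out=1 for 5:", accepts_out_one_for(5, True))
```

When triaging a finding, the question to answer is the one `accepts_out_one_for` poses: can any assignment that skips the branch still satisfy every constraint?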
How to Assess Severity
The severity of signal-dependent control flow depends heavily on whether the involved signals have been properly constrained according to the design of the circuit. If the finding is not a false positive, the consequences can be severe: the verifier may accept a proof with signal assignments outside of what is intended, allowing malicious users to prove invalid statements.