Skip to main content

Signal-Dependent Control Flow

Detector Type:Compute Only

Summary and Usage

The Signal-Dependent Control Flow (SDCF) detector flags cases where signal-derived values are used to control conditional statements in a ZK circuit. Conditional assignments are difficult to constrain correctly and may lead to unconstrained values. This poses a significant security risk, since unconstrained values could enable the construction of bogus proofs.

Usage

info

Coming soon.

Example and Explanation

info

Coming soon.

Usage Example

info

Coming soon.

Limitations

The SDCF detector flags conditional expressions and the signals used in those conditional expressions, but is unable to determine if the conditional expressions are properly constrained or not, as this requires knowledge of what the design goal of the circuit is. For example, the SDCF detector would still report the same issue for circomlib's IsZero circuit, even though it is properly constrained.

How to Assess Severity

The severity of signal-dependent control flow depends heavily on whether or not the involved signals have been properly constrained according to the design of the circuit. Assuming that the finding is not a false positive, then the consequences can be severe, as the verifier may accept a proof with signal assignments outside of what is intended, allowing malicious users to prove invalid statements.