Underconstrained Outputs
Detector Type:
Summary and Usage
The Underconstrained Output (UCO) detector identifies underconstrained output vulnerabilities in ZK circuits where signals are not sufficiently constrained. The UCO detector checks whether a component's output is constrained by either an input signal or a constant value. If neither condition holds, the output is underconstrained, creating a vulnerability that may allow malicious actors to generate valid proofs for bogus statements.
Usage
Coming soon.
Example and Explanation
- Zirgen
Coming soon.
Usage Example
- Zirgen
Coming soon.
Limitations
- This detector may produce false positives if an output is intended to be constant-constrained, but the constant is computed within the circuit (e.g., the output is a hash of a fixed value).
- This detector will miss cases where an output is constrained by some inputs, but should actually be constrained by multiple inputs.
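A simplified model of the check described in the summary and of the second limitation above, added here as an illustration; it is not the detector's implementation and not Zirgen code. The constraint representation (each constraint as the set of signals it relates), the `CONST` marker, and all signal names are assumptions made for the example.

```python
# Toy model (assumption): a constraint is the set of signal names it relates.
# CONST stands for any literal constant appearing in a constraint.
from collections import defaultdict

CONST = "<const>"

def underconstrained_outputs(inputs, outputs, constraints):
    """Return outputs with no chain of constraints linking them to an input or a constant."""
    # Signals that share a constraint are neighbours in an undirected graph.
    adj = defaultdict(set)
    for c in constraints:
        for s in c:
            adj[s] |= set(c) - {s}
    anchors = set(inputs) | {CONST}
    flagged = []
    for out in outputs:
        seen, stack, anchored = {out}, [out], False
        while stack and not anchored:
            cur = stack.pop()
            for nxt in adj[cur]:
                if nxt in anchors:
                    anchored = True
                    break
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        if not anchored:
            flagged.append(out)
    return flagged

# Constructed sample: `flag` is only related to an internal signal `tmp`,
# and `tmp` is never tied to an input or constant, so `flag` is free.
BUGGY = [{"prod", "a", "b"}, {"flag", "tmp"}]
# Same component with the omitted constraint on `tmp` restored.
FIXED = BUGGY + [{"tmp", "prod", CONST}]
# Constructed sample for the second limitation: `sum` should depend on both
# `a` and `b`, but touching `a` alone is enough to satisfy the check.
MISSED = [{"sum", "a"}]

def demo():
    return (
        underconstrained_outputs(["a", "b"], ["prod", "flag"], BUGGY),
        underconstrained_outputs(["a", "b"], ["prod", "flag"], FIXED),
        underconstrained_outputs(["a", "b"], ["sum"], MISSED),
    )

if __name__ == "__main__":
    print(demo())
```

An empty result for `MISSED` is the false negative: the output is still wrong for most values of `b`, which is why a clean report does not replace reviewing each output against its intended inputs.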
How to Assess Severity
Findings from the UCO detector are generally considered severe. It is rare for output signals not to be derived from input signals or constants, so underconstrained outputs usually indicate that key computations or constraints have been accidentally omitted. These findings are therefore highly likely to represent critical issues.