Scroll ZKTrieVerifier Audit

Off-Chain (Private)
Audited on 2024/03/11
No active critical issues

Summary

Notes & Additional Information: 3 (2 resolved, 1 partially resolved)

Scope

We audited the scroll-tech/scroll repository at the c68f428 commit. In scope were the following files: contracts/src...

Analysis

In addition to manual review of the codebase, the engagement also incorporated advanced testing analysis to enhance the coverage of the audit and assess how the ZkTrieVerifier library will behave under various scenarios. Sections below outline the key steps of the work performed. Analysis...

Issues (5)

            Low  Medium  High  Critical  Total
Not fixed   -    -       -     -         0
Fixed       4    1       -     -         5
Total       4    1       0     0         5

Malicious User Can Increase the Gas Cost of Verification
fixed/medium

None
Node Type Check Uses Underflow to Define Range
fixed/low

None
Trie Depth Is Not Explicitly Capped
fixed/low

None
Unbounded walkTree Due to Underflow
fixed/low

None
Use of Implicit Default rootHash and expectedHash
fixed/low

None

Contracts (2)

#  File Name
1  contracts/src/L1/rollup/ScrollChainCommitmentVerifier.sol
2  contracts/src/libraries/verifier/ZkTrieVerifier.sol