Succinct / SP1

SP1 is a performant, 100% open-source, contributor-friendly zkVM with a novel precompile-centric architecture. It is the only zkVM that is fully open-source, supports the Rust standard library, has customizable precompiles for state of the art performance, and leverages the latest techniques in STARKs for performant recursion and onchain verification.

We’re excited to be hosting this audit competition with the community to continue our ongoing process of ensuring that SP1’s codebase is production-ready and safe to use for developers.

Prize distribution and scoring

Total Prize Pool $110,000

• The prize distribution has 2 possible triggers:

  • If one or more valid medium severity findings are found, the total pot size is $20,000
  • If one or more valid high severity findings are found, the total pot size is $110,000

• Scoring described in the competition scoring page.

• Findings Severities described in detail on our docs page.

• Only High and Medium findings would be accepted for Total Prize Pool.

Documentation

• For a detailed description of SP1's architecture, read the technical whitepaper: drive

• You can also read this document (written by KALOS/rkm0959), which explores many of the angles of attacks on SP1: hackmd

• At a high-level:

  • core/src/alu

    • Implementation of tables for basic RISC-V opcodes, such as arithmetic instructions like ADD, SUB, MUL, and DIV and bitwise operations like XOR, AND, OR

  • core/src/bytes

    • Tables for byte operations and lookups

  • core/src/memory

    • Tables for initializing and finalizing memory with lookups

  • core/src/operations

    • Helper methods used in AIRs to describe computations over columns

  • core/src/syscall

    • Implementation of precompiles (accelerated computations) and special syscalls like HALT (terminate program) and COMMIT (write to public values)

  • core/src/stark

    • Implementation of core STARK prover

  • etc.

Scope

Repo: https://github.com/succinctlabs/sp1

Commit: 10495837c72f046aaccc81b81dc3c9055e3bf3a2

Contracts

Build Instructions

• Follow install instructions here: https://succinctlabs.github.io/sp1/getting-started/install.html

• To test whether you can successfully build the repo, I suggest running:

  • cargo test --release -p sp1-core

Proof of Concept Instructions

cd examplescd fibonacciRUST_LOG=debug cargo run \--release

Out of scope

• Lookup multiplicities can wrap over 𝐹p which may allow soundness to break for large program's circuits.

  • SP1 uses the LogUp lookup argument to perform lookups. For large computations, we need to be concerned about scenarios where the multiplicity of a certain lookups may wrap over p, which may break soundness.

  • We currently have a constant called "NUM_BYTE_LOOKUP_CHANNELS" which can be used to increase the overflow to p * NUM_BYTE_LOOKUP_CHANNELS for byte lookups.

• MemoryInit table can overwrite addresses/values in the MemoryProgram table.

  • Currently, we use the MemoryProgram table (which is preprocessed) to initialize memory values which are constants in the program. However, in the MemoryInit table we can reinitialize those address/values to be different values, which will break the assumption that those values are correctly initialized.

• We are also aware that registers and memory addresses share the same address space, this means a user can overwrite a register by doing a standard memory access, which also does not currently adhere to the RISC-V specification.

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.