OpenVM

OpenVM PR 2150 & 2152

Cantina Security Report

Organization

@OpenVM

Engagement Type

Cantina Solo

Period

-

Researchers


Findings

Informational

1 finding

0 fixed

1 acknowledged


Informational: 1 finding

  1. max_block_size will never be used

    State

    Acknowledged

    Severity

    Informational

    Submitted by

    zigtur


    Description

    The max_block_size value is initialized to 4. Then, depending on the number of items, it is set to either 16 or 32.

    The initial value of 4 is kept only when no item is found, which never happens in practice.

        let mut max_block_size = 4; // @audit default value will never be used

        for (mod_idx, item) in items.into_iter().enumerate() {
            let modulus = item.value();
            let modulus_bytes = string_to_bytes(&modulus);
            let mut limbs = modulus_bytes.len();
            let mut block_size = 32; // @audit 32 is set when at least 1 item is found

            if limbs <= 32 {
                limbs = 32;
            } else if limbs <= 48 {
                limbs = 48;
                block_size = 16;
            } else {
                panic!("limbs must be at most 48");
            }

            max_block_size = max_block_size.max(block_size); // @audit will be either 32 or 16

    Recommendation

    The max_block_size value could default to either 16 or 32.

    OpenVM

    Acknowledged and intentional. The default of 4 is set for defensive coding since that's the minimum that the prover requires. But indeed right now it will always be either 16 or 32.

    Cantina

    Acknowledged.