Double Spending Vulnerability in iden3 snarkjs (<=0.6.11) Due to Lack of PublicSignals Length Validation
CVE-2023-33252 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.
Learn more about our Web Application Penetration Testing UK.