Double Spending Vulnerability in iden3 snarkjs (<=0.6.11) Due to Lack of PublicSignals Length Validation

CVE-2023-33252 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.

Learn more about our Web Application Penetration Testing UK.