Closed venezuela01 closed 4 months ago
Any comments? @petehunt @dark64 @Schaeff
Hmm great catch, it does look like the input and output sizes are incorrect judging by the precompile implementation you linked.
There are many downstream projects that have copied and pasted code from ZoKrates, and now all the children and grandchildren inherit the incorrect sizes. It would be nice if someone could fix it upstream. I'm not a Solidity developer; I just catch it occasionally when reviewing code in other projects. It would be great if someone more knowledgeable than me could fix the code. ;-)
Description

The `zokrates export-verifier` command generates a `verifier.sol` file, sourcing its code templates from solidity.rs. Upon closer inspection of the code, there seems to be something wrong in input and output sizes:

- `input` is defined as `uint[4]`, totaling `32*4 = 128` bytes, or `0x80` in hexadecimal.
- `r` variable represents a `G1Point`, amounting to `32*2 = 64` bytes, or `0x40` in hexadecimal.

However, the `staticcall` specifies `0xc0` as the input size and `0x60` as the output size, both of which are larger than necessary.

A similar discrepancy is observed in `scalar_mul`. I haven't exhaustively inspected other calls/static calls.

It appears that this code has been functioning without issues for years, arguably due to luck, as EVM precompiled contracts ignore the input and output sizes for `Bn256Add` and `Bn256ScalarMul`, as seen in the Bn256Add and Bn256ScalarMul.

Could anyone confirm this? Thanks.
Earliest commit: fc60aa97e88d7c195517d8d69226763d088268ce
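The size mismatch described in the issue can be reproduced with a small model. This is an added example, not code from ZoKrates or from the issue author: a simplified Python model of a `staticcall` to the point-addition precompile, assuming the precompile reads exactly 128 bytes (zero-padding or ignoring the rest) and that the caller copies back at most the 64 bytes returned. All function names and the memory layout with canary words are hypothetical, and point validation and gas accounting are omitted.

```python
# Constructed model of STATICCALL to the bn256 point-addition precompile (address 6).
P = 21888242871839275222246405745257275088696311157297823662689037894645226208583

def get_data(data, start, size):
    """Slice with zero padding: bytes past the end of the buffer read as zero."""
    return data[start:start + size].ljust(size, b"\x00")

def ec_add(a, b):
    """Affine addition on y^2 = x^3 + 3 over F_P; (0, 0) encodes the point at infinity."""
    if a == (0, 0):
        return b
    if b == (0, 0):
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return (0, 0)
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def bn256_add(calldata):
    """Precompile body: consumes the first 128 bytes only, always returns 64 bytes."""
    w = [int.from_bytes(get_data(calldata, i * 32, 32), "big") for i in range(4)]
    x, y = ec_add((w[0], w[1]), (w[2], w[3]))
    return x.to_bytes(32, "big") + y.to_bytes(32, "big")

def staticcall_add(memory, in_off, in_size, out_off, out_size):
    """Pass in_size bytes of memory to the precompile; write back min(out_size, 64) bytes."""
    ret = bn256_add(bytes(get_data(memory, in_off, in_size)))
    n = min(out_size, len(ret))
    memory[out_off:out_off + n] = ret[:n]
    return memory

def demo(in_size, out_size):
    """Layout: uint[4] input at 0x00, canary at 0x80, G1Point r at 0xa0, canary at 0xe0."""
    g = (1).to_bytes(32, "big") + (2).to_bytes(32, "big")  # generator (1, 2), twice
    mem = bytearray(g + g + b"\xaa" * 32 + b"\x00" * 64 + b"\xbb" * 32)
    return bytes(staticcall_add(mem, 0x00, in_size, 0xa0, out_size))

if __name__ == "__main__":
    # Same memory image with the sizes from the issue (0xc0/0x60) and the exact ones (0x80/0x40).
    print(demo(0xc0, 0x60) == demo(0x80, 0x40))
```

In this model the oversized input only feeds the precompile 64 extra bytes it never reads, and the oversized output length never overwrites the word after `r`, which is consistent with the generated verifier having worked despite the wrong constants.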