Summary
Within the proof system, variables are not always listed in the same order. One place where this could lead to a problem is in the arithmetic proving and verifying keys. The arithmetic prover key has “q_c before q_4”, unlike the arithmetic verifier key struct which stores “q_4 before q_c”, and strangely the verifier key serialization stores “q_c before q_4”. The arithmetic verifier key does correctly swap q_c and q_4 in from_bytes, so there are no bugs present currently. However, swapping the order throughout the codebase is very unexpected and may lead to bugs in the future.
Recommendation: pick one ordering and stick to it throughout the library. In particular, please serialize things in the same order they are stored in the struct.
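The situation described above, as an added Rust example that is not code from the audited library: a swapped to_bytes/from_bytes pair still round-trips, so only a check on the byte layout exposes the ordering mismatch. The struct shape, the u64 field type, the q_m field and all function names are simplified assumptions; only q_4 and q_c come from the finding.

```rust
// Added example: hypothetical, simplified key. u64 stands in for the real field
// types and q_m is an assumed extra field; only q_4 and q_c are from the finding.
#[derive(Debug, PartialEq, Clone, Copy)]
pub struct VerifierKey { pub q_m: u64, pub q_4: u64, pub q_c: u64 }
pub const W: usize = 8; // bytes per serialized field
pub const SIZE: usize = 3 * W;

fn put(fields: [u64; 3]) -> [u8; SIZE] {
    let mut out = [0u8; SIZE];
    for (chunk, v) in out.chunks_exact_mut(W).zip(fields) {
        chunk.copy_from_slice(&v.to_le_bytes());
    }
    out
}

fn get(bytes: &[u8; SIZE]) -> [u64; 3] {
    let mut fields = [0u64; 3];
    for (v, chunk) in fields.iter_mut().zip(bytes.chunks_exact(W)) {
        let mut a = [0u8; W];
        a.copy_from_slice(chunk);
        *v = u64::from_le_bytes(a);
    }
    fields
}

impl VerifierKey {
    // Pattern from the finding: wire holds q_c before q_4; from_bytes swaps back.
    pub fn to_bytes_swapped(&self) -> [u8; SIZE] { put([self.q_m, self.q_c, self.q_4]) }
    pub fn from_bytes_swapped(b: &[u8; SIZE]) -> Self {
        let [q_m, q_c, q_4] = get(b);
        Self { q_m, q_4, q_c }
    }
    // Recommended: wire order equals struct declaration order.
    pub fn to_bytes(&self) -> [u8; SIZE] { put([self.q_m, self.q_4, self.q_c]) }
    pub fn from_bytes(b: &[u8; SIZE]) -> Self {
        let [q_m, q_4, q_c] = get(b);
        Self { q_m, q_4, q_c }
    }
}

// Layout check: field i of the struct must occupy wire bytes [i*W, (i+1)*W).
pub fn wire_matches_struct_order(wire: &[u8; SIZE], k: &VerifierKey) -> bool {
    get(wire) == [k.q_m, k.q_4, k.q_c]
}

fn main() {
    let k = VerifierKey { q_m: 1, q_4: 4, q_c: 12 }; // constructed values
    assert_eq!(VerifierKey::from_bytes_swapped(&k.to_bytes_swapped()), k); // round-trip hides the swap
    assert!(!wire_matches_struct_order(&k.to_bytes_swapped(), &k)); // layout check exposes it
    assert!(wire_matches_struct_order(&k.to_bytes(), &k));
}
```

A round-trip test alone passes for both pairs; pairing it with a layout assertion catches a future edit that changes only one side of the serialization.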
Relevant Context
Finding 2 of the audit.