Fix out of bounds when verifying malformed proofs

Author: Daniel Kuehr

kimchi/src/circuits/polynomials/endomul_scalar.rs

@@ -11,7 +11,7 @@ use crate::{
     },
     curve::KimchiCurve,
 };
-use ark_ff::{BitIteratorLE, BigInteger, Field, PrimeField};
+use ark_ff::{BigInteger, BitIteratorLE, Field, PrimeField};
 use std::array;
 use std::marker::PhantomData;
 

poly-commitment/src/commitment.rs

@@ -739,6 +739,13 @@ impl<G: CommitmentCurve> SRS<G> {
 
             let s = b_poly_coefficients(&chal);
 
+            debug_assert!(s.len() <= scalars.len());
+
+            // TODO: implement a better solution at type/wire level, for now we just bail out...
+            if s.len() > scalars.len() {
+                return false;
+            }
+
             let neg_rand_base_i = -rand_base_i;
 
             // TERM

signer/src/keypair.rs

@@ -98,7 +98,9 @@ impl Keypair {
     pub fn secret_multiply_with_curve_point(&self, multiplicand: CurvePoint) -> CurvePoint {
         use ark_ec::AffineCurve;
         use ark_ec::ProjectiveCurve;
-        multiplicand.mul(self.secret.clone().into_scalar()).into_affine()
+        multiplicand
+            .mul(self.secret.clone().into_scalar())
+            .into_affine()
     }
 }