From e957b6bc26cf51a1097e85d3784ed7208be90e6d Mon Sep 17 00:00:00 2001
From: Daniel Kuehr
Date: Mon, 24 Feb 2025 13:14:52 -0500
Subject: [PATCH] Fix out of bounds when verifying malformed proofs
---
 kimchi/src/circuits/polynomials/endomul_scalar.rs | 2 +-
 poly-commitment/src/commitment.rs | 7 +++++++
 signer/src/keypair.rs | 4 +++-
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/kimchi/src/circuits/polynomials/endomul_scalar.rs b/kimchi/src/circuits/polynomials/endomul_scalar.rs
index 31b97e16f9..2f63a2e6d9 100644
--- a/kimchi/src/circuits/polynomials/endomul_scalar.rs
+++ b/kimchi/src/circuits/polynomials/endomul_scalar.rs
@@ -11,7 +11,7 @@ use crate::{
 },
 curve::KimchiCurve,
 };
-use ark_ff::{BitIteratorLE, BigInteger, Field, PrimeField};
+use ark_ff::{BigInteger, BitIteratorLE, Field, PrimeField};
 use std::array;
 use std::marker::PhantomData;
diff --git a/poly-commitment/src/commitment.rs b/poly-commitment/src/commitment.rs
index ef21cf8b68..970ce41008 100644
--- a/poly-commitment/src/commitment.rs
+++ b/poly-commitment/src/commitment.rs
@@ -739,6 +739,13 @@ impl SRS {
 let s = b_poly_coefficients(&chal);
+ debug_assert!(s.len() <= scalars.len());
+
+ // TODO: implement a better solution at type/wire level, for now we just bail out...
+ if s.len() > scalars.len() {
+ return false;
+ }
+
 let neg_rand_base_i = -rand_base_i;
 // TERM
diff --git a/signer/src/keypair.rs b/signer/src/keypair.rs
index fc81dce32e..648c2caf3d 100644
--- a/signer/src/keypair.rs
+++ b/signer/src/keypair.rs
@@ -98,7 +98,9 @@ impl Keypair {
 pub fn secret_multiply_with_curve_point(&self, multiplicand: CurvePoint) -> CurvePoint {
 use ark_ec::AffineCurve;
 use ark_ec::ProjectiveCurve;
- multiplicand.mul(self.secret.clone().into_scalar()).into_affine()
+ multiplicand
+ .mul(self.secret.clone().into_scalar())
+ .into_affine()
 }
 }
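Review bot: In the poly-commitment/src/commitment.rs hunk, the added `debug_assert!(s.len() <= scalars.len());` sits directly before the `if s.len() > scalars.len() { return false; }` guard, so a debug or test build still panics on exactly the malformed proof this commit is meant to reject, and the rejection path cannot be exercised by a regression test in that profile. Going by the commit subject, the length of `s` is presumably driven by proof-supplied data, which makes the condition reachable from untrusted input rather than an internal invariant. I would drop the `debug_assert!` and keep only the early return, with a comment such as `// proof-controlled length: reject instead of indexing past scalars`. A test that feeds an oversized proof to the verifier and asserts it returns `false` would pin the fix. The enclosing function begins and ends outside this hunk, so the later use of `s` against `scalars` is not visible here.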