Back to home

Bug Finder

  • 2025
    BitVM. lshift_prevent_overflow assumes helper shifters populate altstack with (N_LIMBS−1) intermediate limbs and unconditionally pulls exactly (N_LIMBS−1) items back, causing stack underflow or silent stack-shape mismatch. [Issue/PR]
  • 2025
    BitVM. is_negative / is_positive misclassify when HEAD_OFFSET == 1. is_negative is always true, is_positive is always false. [Issue/PR]
  • 2025
    rust-bitcoin-m31. n31_neg computes (-MOD - x) and rewrites only when result equals -(MOD). For x ∈ {-MOD, 0}, returns 0 instead of canonical twisted zero -(MOD). [Issue/PR]
  • 2025
    lodestar. Container SSZ deserialize on short/empty inputs throws RangeError. [Issue/PR]
  • 2023
    Circomlib-ml. IsPositive() treats zero as a positive number. [Issue/PR]
  • 2022
    Circom-pairing. Circom-bigint BigMod/BigMod2 incorrectly omits range checks on the remainder. [Issue/PR]