Vulnerable File: packages/circuits/src/lib/Card.circom
commit: d32b6982536ca217d4255b14e449e3859764c600
Line 42-44 use <-- which does not add constraints to the witness.
However, the constraint in line 45 candidateIndex === divisor * numCards + selectedIndex; does not fully constraint the signal numCards , selectedIndex, and divisor.
This may cause possible security issues.
Vulnerable File:
packages/circuits/src/lib/Card.circomcommit:
d32b6982536ca217d4255b14e449e3859764c600Line 42-44 use
<--which does not add constraints to the witness.However, the constraint in line 45
candidateIndex === divisor * numCards + selectedIndex;does not fully constraint the signalnumCards,selectedIndex, anddivisor.This may cause possible security issues.