ThomasPiellard

1 exploit Active since Aug 2025
CVE-2025-57801 WRITEUP CRITICAL WRITEUP
gnark < 0.14.0 - Signature Malleability via Improper S Value Verification
gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack essential constraints, multiple distinct witnesses can satisfy the same public inputs. In protocols where nullifiers or anti-replay checks are derived from R and S, this enables signature malleability and may allow double spending. This issue has been addressed in version 0.14.0.
CVSS 9.1