Contract allows numG2 ≥ 1, but does not verify G2 points > 1.
recmo opened this issue · 0 comments
recmo commented
It seems possible to deploy the contract with numG2 ≥ 1 and call potUpdate with a corresponding vector of G2 elements, but the consistency of the G2 points except the first is never checked. This allows an attacker to construct a sham ceremony where G2 powers > 1 are inconsistent and attacker controlled.