The ZK-ZKVM project Ola discovered a vulnerability in the privacy network Aleo Record verification, which has now been fixed

2023-06-20 21:43:51
Collection

ChainCatcher news, Ola team developer Payne tweeted that a logical vulnerability was discovered in Aleo, and a bug bounty was received from Aleo. Payne found a logical error in the validity check of the record spent by users while studying Aleo's code.

When the spent record is generated during the execution of a contract from the previous transaction, the commitment of the record should be used to construct the leaf node of the transition tree, but Aleo used the serial number of the record to construct the leaf node, which would cause the transaction to fail verification in the circuit. After communication, it was confirmed that the Aleo team has fixed this vulnerability.

It is reported that Ola is a Layer2 high-performance ZK-ZKVM project incubated by Sin7y Labs, focusing on programmable privacy, programmable scalability, and multi-language compatibility. It is expected to launch an internal testnet in the third quarter of 2023 and a public testnet by the end of the year. (source link)

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.
banner
ChainCatcher Building the Web3 world with innovators