CVE-2025-52884 – risc0-ethereum-contracts
Package
Manager: cargo
Name: risc0-ethereum-contracts
Vulnerable Version: >=0 <2.1.1
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
EPSS: 0.00075 (percentile 0.23321)
Details
RISC Zero Ethereum: invalid commitment with digest value of zero accepted by Steel.validateCommitment

### Impact

Prior to 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function returns `true` for a crafted commitment whose digest value is zero. This violates the semantics of `validateCommitment`: such a commitment does not commit to a block that is in the current chain. Because the digest is zero, it corresponds to no block, and no openings of it are known. As a result, this commitment will never be produced by a correct zkVM guest using Steel.

Leveraging this bug to compromise the soundness of an application using Steel would require a separate bug, or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs (for example, a guest that commits to a digest of zero, or a contract that fails to verify the zkVM proof). Because this bug does not by itself put application integrity at risk, correctly written applications are not affected.

### Fix

See [#605] for a full description of the bug and the fix. The fix has been released as part of `risc0-ethereum` [2.1.1] and [2.2.0].

### Recommended actions

Users of the `Steel` Solidity library at version 2.1.0 or earlier should make sure they call `Steel.validateCommitment` in tandem with zkVM proof verification of a Steel program, as shown in the [ERC-20 counter example][example] and the [documentation]. This is the correct usage of Steel; users following this pattern are not at risk and do not need to take action. Users who do not verify a zkVM proof of a Steel program are using Steel incorrectly and should update their application to do so.

### Credit

Thank you to Daniel526 on HackenProof for reporting this issue.

[#605]: https://github.com/risc0/risc0-ethereum/pull/605
[example]: https://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63
[documentation]: https://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain
[2.1.1]: https://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1
[2.2.0]: https://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0
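The distinction the advisory draws between misuse and correct usage, shown as a pair of consumer contracts. This is an added example modelled on the ERC-20 counter pattern, not code from the risc0-ethereum repository: the import paths, the `Journal` struct, the consumer contracts and the exact field layout of `Steel.Commitment` are assumptions and must be checked against the version you pin.

```solidity
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.20;

// Added example, not code from risc0-ethereum. Import paths and the
// Steel.Commitment field layout are assumptions modelled on the 2.x
// Solidity packages; verify them against your pinned version.
import {IRiscZeroVerifier} from "risc0/IRiscZeroVerifier.sol";
import {Steel} from "risc0/steel/Steel.sol";

/// Journal layout of a hypothetical Steel guest: the Steel commitment
/// followed by the application data the guest computed.
struct Journal {
    Steel.Commitment commitment;
    address tokenAddress;
    uint256 balance;
}

/// MISUSE (what the advisory says is incorrect usage of Steel): only the
/// commitment is checked and the zkVM proof is never verified, so nothing
/// ties `journal` to a guest execution. On risc0-ethereum <= 2.1.0 a
/// commitment with a zero digest passes validateCommitment, and the
/// contract then trusts caller-chosen state.
contract UnsafeSteelConsumer {
    mapping(address => uint256) public lastSeenBalance;

    function submit(bytes calldata journalData) external {
        Journal memory journal = abi.decode(journalData, (Journal));
        require(Steel.validateCommitment(journal.commitment), "invalid commitment");
        // No proof verification here.
        lastSeenBalance[journal.tokenAddress] = journal.balance;
    }
}

/// CORRECT USAGE: the same consumer following the recommended pattern.
/// The seal is verified against the trusted guest image ID and the
/// journal digest, so the commitment and data come from a real execution
/// of the Steel program; validateCommitment then checks that the state
/// the guest read belongs to the current chain.
contract SafeSteelConsumer {
    IRiscZeroVerifier public immutable verifier;
    bytes32 public immutable imageId;
    address public immutable tokenAddress;
    mapping(address => uint256) public lastSeenBalance;

    constructor(IRiscZeroVerifier _verifier, bytes32 _imageId, address _tokenAddress) {
        verifier = _verifier;
        imageId = _imageId;
        tokenAddress = _tokenAddress;
    }

    function submit(bytes calldata journalData, bytes calldata seal) external {
        Journal memory journal = abi.decode(journalData, (Journal));
        require(journal.tokenAddress == tokenAddress, "wrong token");

        // 1. Bind the journal to an execution of the trusted guest. RISC Zero
        //    verifiers take the sha256 digest of the journal bytes; verify()
        //    reverts if the seal is invalid.
        verifier.verify(seal, imageId, sha256(journalData));

        // 2. Check the commitment against the chain. A correct guest never
        //    emits a zero digest (it corresponds to no block), so rejecting it
        //    explicitly is defence in depth on <= 2.1.0, not a substitute for
        //    upgrading to 2.1.1 / 2.2.0.
        require(journal.commitment.digest != bytes32(0), "zero digest");
        require(Steel.validateCommitment(journal.commitment), "invalid commitment");

        lastSeenBalance[journal.tokenAddress] = journal.balance;
    }
}
```

The order of the two checks does not matter for soundness; what matters is that both run on every submission. With proof verification in place, a zero-digest commitment can only reach `validateCommitment` if the guest itself emitted it, which the advisory notes a correct guest never does.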
Metadata
Created: 2025-06-25T21:27:59Z
Modified: 2025-06-25T21:28:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-gjv3-89hh-9xq2/GHSA-gjv3-89hh-9xq2.json
CWE IDs: ["CWE-159"]
Alternative ID: GHSA-gjv3-89hh-9xq2
Finding: F340
Auto approve: 1