OpenVM zkVM Framework AUIPC Chip Overflow Vulnerability

Vulnerability

A vulnerability in the OpenVM zkVM framework, specifically in version 1.0.0, allows an overflow through the byte decomposition of the program counter (pc) in the AUIPC instruction. A typo in the code causes the highest limb of the pc to be range-checked to 8 bits instead of the correct 6 bits. Because of this, the pc decomposition is not properly validated: a malicious prover can cause the decomposition to overflow a specific field and thereby manipulate the destination register's value, contradicting the intent of the AUIPC instruction. This issue has been addressed in version 1.1.0.

Impact

Exploitation of this vulnerability allows for unauthorized manipulation of register values in the AUIPC instruction, potentially leading to incorrect program behavior or logic.

Reproduction

The vulnerability can be reproduced by using OpenVM version 1.0.0 and executing a scenario where the AUIPC instruction's pc limb decomposition is processed. Due to the incorrect range check, the highest limb will be improperly validated, allowing for an overflow that can be exploited.
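To make the failed check concrete, the following is an added model of the pc limb decomposition and its range check (an illustration, not OpenVM's code). It assumes the 31-bit BabyBear modulus, a 30-bit pc and four little-endian 8-bit limbs, none of which the advisory states, and shows that an 8-bit bound on the top limb admits several limb vectors for one pc while the 6-bit bound admits exactly one.

```python
# Model of the pc limb decomposition and range check behind the AUIPC bug described
# above. Added illustration, not OpenVM code. Assumptions not stated on the page:
# the 31-bit BabyBear modulus, a 30-bit pc, and four little-endian 8-bit limbs.
P = 2**31 - 2**27 + 1          # BabyBear prime (0x78000001), assumed field
LIMB_BITS = 8
NUM_LIMBS = 4
PC_BITS = 30
TOP_LIMB_BITS = PC_BITS - LIMB_BITS * (NUM_LIMBS - 1)   # 6: the correct bound
WORD_BITS = LIMB_BITS * NUM_LIMBS                        # 32


def to_limbs(value):
    """Little-endian 8-bit limbs of a value that fits in NUM_LIMBS limbs."""
    assert 0 <= value < (1 << WORD_BITS)
    mask = (1 << LIMB_BITS) - 1
    return [(value >> (LIMB_BITS * i)) & mask for i in range(NUM_LIMBS)]


def recompose_in_field(limbs):
    """The value the circuit actually constrains: the weighted limb sum mod P."""
    return sum(l << (LIMB_BITS * i) for i, l in enumerate(limbs)) % P


def limbs_in_range(limbs, top_limb_bits):
    """Per-limb range check; top_limb_bits is 8 for the buggy check, 6 for the fix."""
    for i, l in enumerate(limbs):
        bits = top_limb_bits if i == NUM_LIMBS - 1 else LIMB_BITS
        if not 0 <= l < (1 << bits):
            return False
    return True


def accepted_decompositions(pc, top_limb_bits):
    """Every limb vector a prover could supply for pc that passes both the field
    equation and the range check. Soundness needs exactly one. Candidates are the
    integers congruent to pc mod P that still fit in NUM_LIMBS limbs."""
    found = []
    value = pc
    while value < (1 << WORD_BITS):
        limbs = to_limbs(value)
        if recompose_in_field(limbs) == pc and limbs_in_range(limbs, top_limb_bits):
            found.append(limbs)
        value += P
    return found


if __name__ == "__main__":
    pc = 0x1000
    for bits in (LIMB_BITS, TOP_LIMB_BITS):
        print(f"top limb checked to {bits} bits:", accepted_decompositions(pc, bits))
```

With the 6-bit bound the limb sum is always below P, so the field equation pins down the integer pc; with the 8-bit bound the sum can reach 2^32, which exceeds P, and the wrapped values pc + P and pc + 2P pass as well.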

Remediation

Users are advised to update to OpenVM version 1.1.0, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 8.7
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.