RISC Zero Steel Library Commitment Validation Vulnerability

Vulnerability

A vulnerability exists in the RISC Zero Steel library in versions prior to 2.1.1 and 2.2.0. The `Steel.validateCommitment` function incorrectly accepts commitments whose digest value is zero. This violates the function's intended semantics: a zero digest does not correspond to any valid block on the chain, so such a commitment is one that a correct zkVM guest using Steel will never produce. The flaw does not by itself compromise the integrity of an application that uses Steel as intended, because the commitment is always checked together with a zkVM proof of the Steel program that produced it, and no valid proof yields a zero digest. It could, however, undermine the soundness of a program using Steel if combined with another bug or with misuse of the library (for example, accepting a commitment without verifying the accompanying proof).

Impact

Exploitation of this vulnerability could cause `Steel.validateCommitment` to accept an invalid commitment that no proven Steel execution could have produced, potentially leading to incorrect behavior in applications that rely on the function's return value without the safeguards described under Remediation.

Reproduction

To reproduce this vulnerability, construct a commitment with a digest value of zero and a timestamp that is recent but does not correspond to a valid block. Passing this commitment to `Steel.validateCommitment` returns success even though the commitment is invalid and should be rejected.
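The following Solidity snippet is an added illustration of the flaw and of the corresponding hardening; it is not Steel's own code and does not reproduce Steel's internals. It models only the simplest shape of the problem: a commitment that names a block and a digest, checked against an on-chain reference value that is zero whenever no real block is available. The advisory's reproduction uses a timestamp-based commitment, but the EVM `blockhash` opcode has the same property (it returns zero for the current block and for anything older than the 256 most recent blocks), so it serves as a self-contained stand-in. The struct layout, function names and the library name `CommitmentCheck` are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not Steel's own code. Models a block-hash based
/// commitment check in a flawed form and a hardened form.
/// Assumption (not from the advisory): a commitment is a pair
/// (block number, digest) and the on-chain reference value is `blockhash`.
library CommitmentCheck {
    struct Commitment {
        uint256 blockNumber; // assumed field name
        bytes32 digest;      // assumed field name
    }

    /// Flawed check. `blockhash(n)` yields bytes32(0) for the current block
    /// and for any block older than the 256 most recent ones, so a forged
    /// commitment with digest == 0 and blockNumber == block.number passes
    /// the equality test although no real block has a zero hash.
    function validateFlawed(Commitment memory c) internal view returns (bool) {
        if (c.blockNumber > block.number || block.number - c.blockNumber > 256) {
            return false;
        }
        return c.digest == blockhash(c.blockNumber);
    }

    /// Hardened check: reject a zero digest before any comparison, and only
    /// accept block numbers for which `blockhash` is defined (the 256
    /// completed blocks preceding the current one).
    function validateHardened(Commitment memory c) internal view returns (bool) {
        if (c.digest == bytes32(0)) {
            return false; // zero is never the hash of a real block
        }
        if (c.blockNumber >= block.number || block.number - c.blockNumber > 256) {
            return false;
        }
        bytes32 expected = blockhash(c.blockNumber);
        // The second condition is redundant given the zero-digest check above
        // and is kept as defence in depth against a zero reference value.
        return expected != bytes32(0) && c.digest == expected;
    }
}

/// Small harness that exercises both checks with a forged zero-digest
/// commitment pointing at the current block.
contract CommitmentProbe {
    using CommitmentCheck for CommitmentCheck.Commitment;

    function probe() external view returns (bool flawedAccepts, bool hardenedAccepts) {
        CommitmentCheck.Commitment memory forged = CommitmentCheck.Commitment({
            blockNumber: block.number,
            digest: bytes32(0)
        });
        flawedAccepts = forged.validateFlawed();
        hardenedAccepts = forged.validateHardened();
    }
}
```

Calling `probe()` from any block shows the flawed check accepting the forged commitment while the hardened check rejects it. The practitioner-level point is that the reference lookup and the commitment digest share a "not found" value, so equality alone is not a validity test; the lookup's sentinel must be excluded explicitly, and, as the advisory stresses, the commitment must in any case only be trusted alongside a verified zkVM proof.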

Remediation

Users of the RISC Zero Steel library should update to version 2.1.1 or later (the fix is also included in 2.2.0). Additionally, ensure that `Steel.validateCommitment` is only used in conjunction with zkVM proof verification of the Steel program that produced the commitment; a commitment accepted by `validateCommitment` alone, without a verified proof, must not be trusted. Instructions for verifying zkVM proofs are available in the RISC Zero documentation.

Added: Jun 24, 2025, 10:17 PM
Updated: Jun 24, 2025, 10:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 7.2
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.