'%3e%3cpath%20d='M12.4997%201.33325C10.39%201.33325%208.32772%201.95884%206.5736%203.13091C4.81947%204.30298%203.4523%205.96888%202.64496%207.91796C1.83763%209.86704%201.62639%2012.0118%202.03797%2014.0809C2.44955%2016.15%203.46545%2018.0506%204.95721%2019.5424C6.44897%2021.0342%208.34959%2022.0501%2010.4187%2022.4616C12.4878%2022.8732%2014.6326%2022.662%2016.5816%2021.8546C18.5307%2021.0473%2020.1966%2019.6801%2021.3687%2017.926C22.5408%2016.1719%2023.1663%2014.1096%2023.1663%2011.9999C23.1663%209.17094%2022.0425%206.45783%2020.0422%204.45745C18.0418%202.45706%2015.3287%201.33325%2012.4997%201.33325ZM12.4997%2021.3333C10.6537%2021.3333%208.84922%2020.7859%207.31436%2019.7603C5.7795%2018.7347%204.58322%2017.2771%203.8768%2015.5716C3.17039%2013.8662%202.98555%2011.9896%203.34568%2010.1791C3.70581%208.36859%204.59473%206.70554%205.90002%205.40025C7.20531%204.09496%208.86835%203.20605%2010.6788%202.84592C12.4893%202.48579%2014.3659%202.67063%2016.0714%203.37704C17.7768%204.08346%2019.2345%205.27974%2020.2601%206.8146C21.2856%208.34945%2021.833%2010.154%2021.833%2011.9999C21.833%2014.4753%2020.8497%2016.8492%2019.0993%2018.5996C17.349%2020.3499%2014.975%2021.3333%2012.4997%2021.3333Z'%20fill='white'/%3e%3cpath%20d='M19.167%208.06667C19.042%207.9425%2018.8731%207.8728%2018.697%207.8728C18.5208%207.8728%2018.3519%207.9425%2018.227%208.06667L10.8269%2015.4333L6.82695%2011.4333C6.70495%2011.3016%206.53562%2011.2237%206.35621%2011.2169C6.1768%2011.21%206.00201%2011.2747%205.87028%2011.3967C5.73856%2011.5187%205.66069%2011.688%205.65382%2011.8674C5.64694%2012.0468%205.71162%2012.2216%205.83362%2012.3533L10.8269%2017.3333L19.167%209.01333C19.2294%208.95136%2019.279%208.87762%2019.3129%208.79638C19.3467%208.71514%2019.3642%208.62801%2019.3642%208.54C19.3642%208.45199%2019.3467%208.36485%2019.3129%208.28361C19.279%208.20237%2019.2294%208.12864%2019.167%208.06667Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2790_31187'%3e%3crect%20width='24'%20height='24'%20fill='white'%20transform='translate(0.5)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
RISC Zero Disclosed Report
Bug bounty report 
Target
https://github.com/risc0/risc0/tree/main/risc0
Vulnerability Details
Overview
Using fault injection, it is currently possible to prove and verify an execution trace that is not a correct execution of the RISC0 VM.
As of now, I identified remu and divu as infected instructions.
I provided a proof of concept with which I was able to verify a proof that claimed: 7 % 5 = 0.
Inside the provided supplementary.zip you can find my_project, a very simple risc0 project, and malicious-prover.patch, a git patch file for the risc0 repository.
The Cargo.toml files inside of the my_project repository expect the manipulated risc0 repository on the same directory level.
The source files manipulated are:
risc0/circuit/rv32im/src/execute/rv32im.rsrisc0/circuit/rv32im-sys/kernels/cxx/ffi.cpp
Furthermore, I used the local prover setting to generate the proof.
The main idea for the attack is to use the 2nd register also as 3rd register. This seems to work for remu and divu, resulting in a certain 0 or 1 respectively.
Usually the verifier is able to catch this, but it seems that some constraints are not (enough) enforced, leading to an underconstrainedness of the RISC0 system in this regard.
Versions
toolchain installed with: rzup 0.4.0
risc0 commit hash: 1385e049dffb98bb4ee237709e69a9dee3b40625
Please let me know if you need more information.
Validation steps
- setup an environment with the risc0 toolchain installed
- unzip the provided supplementary material
- download the risc0 repository in the same directory and apply the provided git patch
- build and run the
my_projectproject - the printed message should say:
verified that 7 % 5 = 0
Attachments
supplementary.zip
Comments on this report are hidden 
Details 
Participants (5) 
