Analysis on audit "3.4 unwrap() risks" #101

oxarbitrage · 2021-05-15T20:32:25Z

I was checking all the unwrap()s we have in this codebase and i found:

some are unavoidable and safe to use like the ones as: https://github.com/ZcashFoundation/redjubjub/blob/main/src/batch.rs#L208-L215. Here the code will unwrap() after checking there is some value. Is the correct way for CtOption, they also have a comment XXX-jubjub: should not use CtOption here however i have no idea what is the status of that.
some others are safe but they need some comment.
some can be changed and use the ? operator instead.
some can be replaced with expect("some more clear message")
some are in tests so we don't really care.

This PR makes some changes where some improvement can be made.

The PR can have conflicts with #88 so we probably need to rebase if we consider to merge.

src/frost.rs

src/lib.rs

teor2345

I don't think we should return a Result from the basepoint calculation.

It's ok to panic here, because an invalid basepoint is a serious bug in the program.

daira

This PR should be closed; the non-test code that it's changing doesn't exist in this crate any more.

conradoplg · 2023-04-21T14:52:06Z

Closing since it oudated, I opened ZcashFoundation/reddsa#61 instead

do some work around unwraps()

40363cc

oxarbitrage mentioned this pull request May 15, 2021

Frost to merge #98

Open

10 tasks