Two articles cover this notable industry event:
- LambdaClass, in collaboration with 3Mi Labs and Aligned, disclosed an exploit in Succinct's SP1 zkVM. The vulnerability emerges from the interaction of two distinct security flaws, potentially impacting zero-knowledge virtual machines. The responsible disclosure aims to strengthen security in the ZK ecosystem.
- Succinct addresses the SP1 zkVM vulnerability reported by LambdaClass, 3Mi Labs, and Aligned. The update details the nature of the exploit, security patches, and steps taken to prevent similar issues. It also outlines the impact assessment and recommendations for users.
SP1 Security Update: 1/27/25 (blog.succinct.xyz)
TL;DR There were two vulnerabilities found in SP1 V3, one found by Aligned, LambdaClass, and 3MI Labs and one found by Succinct. There was also one vulnerability found in Plonky3, a critical dependency of SP1, by Lev Soukhanov and Onur Kilic. We sincerely thank these researchers for reporting these issues. These three vulnerabilities are now patched in SP1 Turbo, the latest production version of SP1. We recommend all users of SP1 upgrade to Turbo ASAP, and we have frozen the routers to the SP1 verifier contracts deployed on mainnets.