Impact
KZG blob proofs are not correctly verified in derivation. A proposer can provide invalid blobs in the witness, and generate a proof for an invalid state transition. Invalid withdrawals can be proven against this invalid state transition, putting user funds at risk.
Patches
All v3.0.0 users should immediately upgrade to version 3.1.0.
The updated program vkey hashes are as follows.
3.1.0 Patch
| Program |
Verification Key Hash |
| Ethereum DA Range Verification Key |
0x4aa69b1014c8bb84088b1fd535c4b3372d827bde7733153d0882ad326ee40f0b |
| Celestia DA Range Verification Key |
0x16969f473c774e3166b5ebc7633a2c076feecd0047ef549c62cf477158819b89 |
| Aggregation Verification Key |
0x00921c654a366744f63d70f0e1835d29283d0d9811ff6f870033fcb71b580b18 |
2.3.1 patch
For users still on v2.3.0, a lighter upgrade is available through the v2.3.1 patch. We strongly recommend upgrading to 3.1.0 as well to prevent some low severity DOS attacks in permissionless mode.
The updated program vkey hashes are as follows.
| Program |
Verification Key Hash |
| Ethereum DA Range Verification Key |
0x490685ea27adbbb83301073734f40a5656c984fe352359d54dd637e828e66872 |
| Celestia DA Range Verification Key |
0x3bbdf4dc00db6ade0d258caf77fd78480add5e4c6703c3812a6a10e74f78ec02 |
| Aggregation Verification Key |
0x003991487ea72a40a1caa7c234b12c0da52fc4ccc748a07f6ebd354bbb54772e |
0xEVom Finder
Impact
KZG blob proofs are not correctly verified in derivation. A proposer can provide invalid blobs in the witness, and generate a proof for an invalid state transition. Invalid withdrawals can be proven against this invalid state transition, putting user funds at risk.
Patches
All v3.0.0 users should immediately upgrade to version 3.1.0.
The updated program vkey hashes are as follows.
3.1.0 Patch
2.3.1 patch
For users still on v2.3.0, a lighter upgrade is available through the v2.3.1 patch. We strongly recommend upgrading to 3.1.0 as well to prevent some low severity DOS attacks in permissionless mode.
The updated program vkey hashes are as follows.