Beosin Security Researchers Discovered SnarkJS Library Vulnerability CVE-2023-33252

Last month, Beosin security researchers discovered a high-risk vulnerability, CVE-2023-33252, in the SnarkJS library (version 0.6.11 and earlier).

The high-risk vulnerability, which allows double-spending, has now been fixed by Circom. It has a severity score of 7.5 in the GitHub Advisory Database.

The high-risk vulnerability has also been updated to the npm library, and the following warning message will be displayed when installing older versions of the snarkjs library.

Read the full story:
https://medium.com/@Beosin_com/beosin-security-researchers-discovered-snarkjs-library-vulnerability-cve-2023-33252-7e64f487c73c

1 Like

just curious, does this mean you can go double spend all the tornado cash / tornado cash nova deposits?

Thank you for asking such a good question! When implementing the tornado.cash project, specific security measures have been taken to address this vulnerability.

2 Likes