-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
error handing for verify()
functions
#569
Labels
tech debt
Technical debt. We all pay eventually!
Comments
can i take on this ? |
Thanks for volunteering. However, we need an internal meeting to make some design decisions. Thus we'll take care by our own. |
Can I contribute to another issue then ? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A lot of verification functions (e.g. in signature, commitment, merkle tree, etc) are returning a wrapped
Result<VerificationResult, Error>
that provides some detailed information about internal error. This could lead to a side-channel attack.We should simply return a bool or
Result<(), ()>
which indicated whether the verification is successful, and nothing else.Detailed internal error shouldn't only be provided in debug mode.
The text was updated successfully, but these errors were encountered: