Skip to content

Commit

Permalink
refactor(CHANGELOG.md): deprecate Int64.isPositive() in addition to I…
Browse files Browse the repository at this point in the history 
…nt64.mod() due to incorrect behavior on -0, and recommend using Int64.isPositiveV2() and Int64.modV2() instead for improved security and correctness
  • Loading branch information
@MartinMinkov
MartinMinkov committed Jul 11, 2024
1 parent cb1542b commit fe3ccbd
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,9 +90,9 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm

### Deprecated

- `Int64.mod()` deprecated because it behaves incorrectly on `-0` https://github.com/o1-labs/o1js/pull/1660
- `Int64.isPositive()` and `Int64.mod()` deprecated because they behave incorrectly on `-0` https://github.com/o1-labs/o1js/pull/1660
- This can pose an attack surface, since it is easy to maliciously pick either the `+0` or the `-0` representation
- Use `Int64.modV2()` instead
- Use `Int64.isPositiveV2()` and `Int64.modV2()` instead
- Also deprecated `Int64.neg()` in favor of `Int64.negV2()`, for compatibility with v2 version of `Int64` that will use `Int64.checkV2()`
- `Ecdsa.verify()` and `Ecdsa.verifySignedHash()` deprecated in favor of `Ecdsa.verifyV2()` and `Ecdsa.verifySignedHashV2()` due to a security vulnerability found in the current implementation https://github.com/o1-labs/o1js/pull/1669

Expand Down

0 comments on commit fe3ccbd

Please sign in to comment.