Intmax implements two specialized libraries for use in Intmax2 ZKP: Plonky2 BN254 for scalar multiplication on the bn254 curve with additional utility functions and Plonky2 Keccak, a circuit gadget that calculates keccak256 hashes compatible with Solidity.
The most critical subjects covered in our audit are soundness and completeness. Before the intermediate report, several missing constraints allowed proving arbitrary statements:
• Padding Filter Allows Bypassing STARK Constraints
• Missing Constraints for Some starting values of STARKs
For details and further issues, please refer to the detailed issue description in the report. No issues were uncovered in Plonky2 Keccak.
After the intermediate report all issues have been resolved. In summary, we find that the Plonky2 Keccak256 and Plonky2 BN254 codebases provide a high level of security.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.