ExponentiationImpl::pow()
returns 0 for 0^0
#65
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-05
primary issue
Highest quality submission among a set of duplicates
🤖_120_group
AI based duplicate group recommendation
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
sufficient quality report
This report is of sufficient quality
Lines of code
https://github.com/kkrt-labs/kakarot-ssj/blob/d4a7873d6f071813165ca7c7adb2f029287d14ca/crates/utils/src/math.cairo#L41
Vulnerability details
The
ExponentiationImpl::pow()
function inmath.cairo
incorrectly returns 0 when computing 0^0, instead of the mathematically accepted value of 1. This breaks a fundamental mathematical convention that is relied upon in many mathematical contexts, including polynomial evaluation, Taylor series, and combinatorial calculations.The issue occurs because the function first checks if the base is zero and returns zero if true, without considering the special case where the exponent is also zero. This early return means that 0^0 evaluates to 0 instead of 1:
The mathematical definition of 0^0 = 1 is not arbitrary - it is the natural definition that makes many mathematical formulas and theorems work correctly. For example, this definition is necessary for:
This function is not currently being used to compute 0^0 in the code in scope. However, given the critical nature of the function and fundamental incorrectness of its output, the expectation of this issue causing vulnerabilities in future code is fulfilled.
Impact
Proof of Concept
N/A
Recommended Mitigation Steps
Add a check for the 0^0 case before checking if the base is zero:
This change preserves the mathematically correct behavior while maintaining all other functionality of the power function.
Assessed type
Other
The text was updated successfully, but these errors were encountered: