RUSTSEC-2021-0075: 
Rust vulnerability analysis and mitigation

The vulnerability (RUSTSEC-2021-0075) was discovered in the ark-r1cs-std crate versions before 0.3.1 for Rust. The issue involves the FieldVar::mulbyinverse method, which failed to enforce necessary constraints, allowing a prover to produce unsound proofs that could still be verified (NVD).

The vulnerability stems from a soundness issue in the mulbyinverse implementation where the newly allocated d_inv variable did not need to be the inverse of d but could be any value. This implementation flaw meant that constraint systems could be satisfiable in cases where they should have been unsatisfiable, particularly when dealing with zero values (GitHub PR). The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow a malicious prover to generate proofs that are unsound but would nonetheless be verified as valid. This particularly affected polynomial gadgets that used this API, potentially compromising the integrity of cryptographic operations (GitHub PR).

The issue was fixed in version 0.3.1 of the ark-r1cs-std crate by implementing proper constraint enforcement in the mulbyinverse method. Users are advised to upgrade to this version or later to ensure proper security (NVD).