Transparency Report 18: Update SP1-SDK & Verification Key

Toufeeq_Pasha · June 17, 2025, 1:00pm

Report Author: Toufeeq

Execution Details: Changes have been applied at block #1,443,438

Technical Committee Consensus: 5/7 signers https://avail.subscan.io/tech/32?tab=proposal

Introduction

This document provides transparency on executed network changes. A vulnerability was identified in Plonky3, an external dependency of the sp1-sdk, which has since been addressed in sp1-sdk version 5.0.0. You can learn more about the vulnerability here.

The Technical Committee (TC) has approved and executed the emergency proposal to perform a runtime upgrade of the network, along with updating the SP1 verification key. After assessing their effectiveness, impact, execution feasibility, and security implications, the TC reached a 5/7 majority consensus to proceed with the upgrade.

Executed Changes

The emergency proposal included two key changes:

Runtime upgrade to use sp1-sdk v5.0.0 in pallet_vector (Bridge)
Update the SP1 verification key

Code Modifications

For those interested, you can review the necessary code modifications in the following PR:

PR

If you need further details or have any concerns, please feel free to leave a comment.

Thank you.

Topic		Replies	Views
Transparency report 17: Runtime Upgrade - Bridge changes Governance V1	0	34	April 25, 2025
Transparency Report 16: Critical Runtime Upgrade - Filtering VectorX Bridge transactions Avail Transparency Report	1	99	March 14, 2025
Transparency Report 15: Expand Validator Set Avail Transparency Report	0	77	March 3, 2025
Transparency Report 6: Migrated to FungibleAdapter Avail Transparency Report	3	30	October 22, 2024
Transparency Report 8: Expand Validator Set Avail Transparency Report	3	126	November 5, 2024

Transparency Report 18: Update SP1-SDK & Verification Key

Introduction

Executed Changes

Code Modifications

Related topics