chore: bump starknet-crypto to v0.6.1 (#1469)

The new version contains a bug fix on ECDSA signature verification. Previously, the `s` range was incorrectly enforced to be lower than EC order instead of element bound. While this did not allow invalid signatures to be used, it was theoretically possible (1 in 2^48 signatures) to have a signature that passes `verify` yet cannot be proven (due to being out of element bound).
lambdaclass · Oct 31, 2023 · 0d41042 · 0d41042 · github-actions · Oct 31, 2023
1 parent e7ca592
commit 0d41042
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 14 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 #### Upcoming Changes
 
+* chore: bump starknet-crypto to v0.6.1 [#1469](https://github.com/lambdaclass/cairo-vm/pull/1469)
+
 * feat: Implement the Serialize and Deserialize methods for the Program struct [#1458](https://github.com/lambdaclass/cairo-vm/pull/1458)
 
 * feat: Use only program builtins when running cairo 1 programs [#1457](https://github.com/lambdaclass/cairo-vm/pull/1457)

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -49,7 +49,7 @@ hex = { version = "0.4.3", default-features = false }
 bincode = { version = "2.0.0-rc.3", default-features = false, features = [
     "serde",
 ] }
-starknet-crypto = { version = "0.5.0", default-features = false, features = [
+starknet-crypto = { version = "0.6.1", default-features = false, features = [
     "signature-display",
     "alloc",
 ] }