I am Suneal, security researcher at zkSecurity. I am interested in cryptography, distributed systems and their applications. I build encrypted email MetaMail at parttime. Previously worked at wechat as software engineer. I write about my projects, security findings, and other things that I find interesting. Contact me at xurigong [at] gmail.com
.
Posts
Jul 9 2025
Uncovering the Query Collision Bug in Halo2: How a Single Extra Query Breaks Soundness
I found a soundness bug in Halo2
Jun 26 2025
Uncovering the Phantom Challenge Soundness Bug in Solana's ZK ElGamal Proof Program
I found a critical soundness zk bug in Solana
May 21 2025
Interesting findings on p256 implementation
May 1 2025
Optimizing Barrett Reduction: Tighter Bounds Eliminate Redundant Subtractions
Our analysis, conducted during the Rust p256 crate audit, shows that the error bound for Barrett reduction can be tighter than traditionally assumed.
Feb 19 2025
[Hack] Uncovering and Fixing an Inflation Bug in Aleo
A critical inflation bug found in Aleo
Feb 1 2024
[Hack] Missing Constraint in zkEmail's Email Verification Circom Circuit
A critical severity vulnerability found in zkEmail’s Circuit
Mar 7 2023
[Hack] Incorrect User Operation Hash Vulnerability in ERC4337
A high severity vulnerability found in ERC4337 entrypoint v0.5
May 10 2018
Just to test theme