I am Suneal, security researcher at zkSecurity. I am interested in cryptography, distributed systems and their applications. I build encrypted email MetaMail at parttime. Previously worked at wechat as software engineer. I write about my projects, security findings, and other things that I find interesting. Contact me at xurigong [at] gmail.com.

Posts

Jul 9 2025

Uncovering the Query Collision Bug in Halo2: How a Single Extra Query Breaks Soundness

I found a soundness bug in Halo2

Jun 26 2025

Uncovering the Phantom Challenge Soundness Bug in Solana's ZK ElGamal Proof Program

I found a critical soundness zk bug in Solana

May 21 2025

Audit of Rust P256 crate

Interesting findings on p256 implementation

May 1 2025

Optimizing Barrett Reduction: Tighter Bounds Eliminate Redundant Subtractions

Our analysis, conducted during the Rust p256 crate audit, shows that the error bound for Barrett reduction can be tighter than traditionally assumed.

Feb 19 2025

[Hack] Uncovering and Fixing an Inflation Bug in Aleo

A critical inflation bug found in Aleo

Feb 1 2024

[Hack] Missing Constraint in zkEmail's Email Verification Circom Circuit

A critical severity vulnerability found in zkEmail’s Circuit

Mar 7 2023

[Hack] Incorrect User Operation Hash Vulnerability in ERC4337

A high severity vulnerability found in ERC4337 entrypoint v0.5

May 10 2018

Markdown Cheat Sheet

Just to test theme