[M-1] Proof parsing leaks heap memory permanently

**Context**: `gnark-solana/crates/verifier-lib/src/proof.rs`


### Description

Both `parse()` and `from_bytes()` convert the commitments `Vec` into a leaked `'static` slice via `Box::leak(...)`. 

If these APIs are used repeatedly in a long-running process (e.g., an RPC/verifier service), each call permanently leaks memory proportional to the number of commitments, enabling denial-of-service over time by sending many proofs. 

This is particularly risky combined with unbounded commitment counts.

**Impacted code**
```
let commitments_vec = read_vk_ic(&mut reader)?;
let commitments: &'static [[u8; 64]] = Box::leak(commitments_vec.into_boxed_slice());
...
let commitments: &'static [[u8; 64]] = Box::leak(commitments_vec.into_boxed_slice());
```


### Recommendation

Avoid `Box::leak`. 
Store commitments as an owned `Vec<[u8; 64]>` inside `GnarkProof` (or use `Cow`/arena allocation with bounded lifetime). 
If a slice is required, tie its lifetime to an owned buffer held by the struct, not `'static`.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[M-1] Proof parsing leaks heap memory permanently #42

Description

Recommendation

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[M-1] Proof parsing leaks heap memory permanently #42

Description

Description

Recommendation

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions