[Info] Assert-based shard size validation panics #2531

@this-vishalsingh

Context: crates/sdk/src/cpu/prove.rs

Description

shard_size() uses assert!(value.is_power_of_two(), ...) for input validation. If value is derived from untrusted input in an application using this SDK, an attacker can trigger a panic and crash the process (DoS), depending on panic settings.

Exploitation path: an application exposes a user-controlled parameter mapped into shard_size(...); sending a non-power-of-two value triggers a panic.

Impacted code:

pub fn shard_size(mut self, value: usize) -> Self {
    assert!(value.is_power_of_two(), "shard size must be a power of 2");
    self.core_opts.shard_size = value;
    self
}

Recommendation

Return a Result (or clamp/validate and return an error) instead of panicking. This prevents denial-of-service when parameters may be user-controlled.
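
One way to apply the recommendation, as an added example that is not part of the original issue or the SDK's code. `ProverBuilder`, `CoreOpts`, `ShardSizeError`, `try_shard_size` and `builder_from_untrusted` are hypothetical names, and the inputs in `main` are constructed.

```rust
/// Hypothetical stand-ins for the SDK's options and builder (names assumed).
#[derive(Debug, Default, PartialEq)]
pub struct CoreOpts {
    pub shard_size: usize,
}

#[derive(Debug, Default, PartialEq)]
pub struct ProverBuilder {
    pub core_opts: CoreOpts,
}

#[derive(Debug, PartialEq)]
pub enum ShardSizeError {
    NotANumber(String),
    NotPowerOfTwo(usize),
}

impl ProverBuilder {
    /// Fallible setter: same power-of-two check as the assert!, but a bad
    /// value comes back as an Err the caller can handle instead of a panic.
    pub fn try_shard_size(mut self, value: usize) -> Result<Self, ShardSizeError> {
        if !value.is_power_of_two() {
            return Err(ShardSizeError::NotPowerOfTwo(value)); // also rejects 0
        }
        self.core_opts.shard_size = value;
        Ok(self)
    }
}

/// Application-side boundary: parse an untrusted string (for example a
/// request parameter) and reject bad values before any prover state is built.
pub fn builder_from_untrusted(raw: &str) -> Result<ProverBuilder, ShardSizeError> {
    let parsed = raw.trim().parse::<usize>();
    let value = parsed.map_err(|_| ShardSizeError::NotANumber(raw.to_string()))?;
    ProverBuilder::default().try_shard_size(value)
}

fn main() {
    // Constructed inputs: one valid size and three that would hit the assert
    // or fail parsing in a naive caller.
    for raw in ["4096", "3000", "0", "abc"] {
        match builder_from_untrusted(raw) {
            Ok(b) => println!("{}: ok, shard_size = {}", raw, b.core_opts.shard_size),
            Err(e) => println!("{}: rejected: {:?}", raw, e),
        }
    }
}
```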
