Summary
Two code hygiene issues: (1) XMSS parameters (V=42, W=3, CHAIN_LENGTH=8) are compile-time constants with no generic parameterization, and (2) the workspace has no unsafe_code = "deny" lint, with undocumented unsafe usage in at least two locations.
Severity
LOW -- Code hygiene; current behavior is correct but fragile.
Location
Hardcoded parameters:
crates/xmss/src/lib.rs:17-22 -- Constants V=42, W=3, CHAIN_LENGTH=8 are compile-time fixed with no generic parameterization
Missing unsafe lint:
Cargo.toml:24-51 -- Workspace lints section has no unsafe_code lintcrates/whir/src/utils.rs:147 -- unsafe { *evals.get_unchecked(src_index) } -- undocumented unsafecrates/backend/koala-bear/src/monty_31/monty_31.rs:223 -- unsafe { flatten_to_base(...) } -- undocumented unsafe
Impact
Parameters: Low -- current parameters are reasonable. Changing security targets requires recompilation.
Unsafe: Low -- existing unsafe appears correct on inspection. However, without the workspace lint, future un-reviewed unsafe additions could introduce memory safety bugs silently.
Suggested Fix
Parameters: Make XMSS parameters generic over a SecurityParams trait.
Unsafe lint: Add to workspace Cargo.toml:
[workspace.lints.rust]
unsafe_code = "deny"
Then annotate each justified unsafe block with a // SAFETY: comment explaining the invariant.
References
Summary
Two code hygiene issues: (1) XMSS parameters (V=42, W=3, CHAIN_LENGTH=8) are compile-time constants with no generic parameterization, and (2) the workspace has no
unsafe_code = "deny"lint, with undocumented unsafe usage in at least two locations.Severity
LOW -- Code hygiene; current behavior is correct but fragile.
Location
Hardcoded parameters:
crates/xmss/src/lib.rs:17-22-- ConstantsV=42, W=3, CHAIN_LENGTH=8are compile-time fixed with no generic parameterizationMissing unsafe lint:
Cargo.toml:24-51-- Workspace lints section has nounsafe_codelintcrates/whir/src/utils.rs:147--unsafe { *evals.get_unchecked(src_index) }-- undocumented unsafecrates/backend/koala-bear/src/monty_31/monty_31.rs:223--unsafe { flatten_to_base(...) }-- undocumented unsafeImpact
Parameters: Low -- current parameters are reasonable. Changing security targets requires recompilation.
Unsafe: Low -- existing unsafe appears correct on inspection. However, without the workspace lint, future un-reviewed unsafe additions could introduce memory safety bugs silently.
Suggested Fix
Parameters: Make XMSS parameters generic over a
SecurityParamstrait.Unsafe lint: Add to workspace
Cargo.toml:Then annotate each justified
unsafeblock with a// SAFETY:comment explaining the invariant.References