Max len email addesses can be spoofed

[Divide-By-0]

Need to add a mitigation for the critical vulnerability where I can pretend to be another email address by making my email address <max_len_minus_10>@gmail.commydomain.com and <max_len_minus_10>@gmail.com reaches max_len so it truncates and thinks I'm the latter person.

Easy to fix by ensuring the array index via QuinSelector like this pseudocode:
message_id_regex_reveal[message_id_idx + max_message_id_len] === 0

[Coollaitar]

Would you be able to let me know which file needs to be modified?

[saleel]

@Divide-By-0 Packing of regex reveal asserts that data after maxLen is zero (i.e nothing is truncated) - https://github.com/zkemail/zk-email-verify/blob/main/packages/circuits/utils/regex.circom#L45

This should fix the above issue? (assuming the regex for From email returns the whole email address which is more than maxlen)