The challenger for the Fiat-Shamir transformation needs to observe all of the pieces which are in the transcript. Otherwise, soundness bugs can result. See derive/src/lib.rs, where there are some relevant TODO comments. Review the use of the challenger to make sure that the Fiat-Shamir transformation is being performed properly, adding any observations to it as needed.

The challenger should also observe a digest of all constraints & trace lengths, according to a comment by Daniel Lubarov in the implementation of verify in derive/src/lib.rs.