Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xiao - Differences between ZKSync and Ethereum in handling contract deployment and address calculation #777

Open
sherlock-admin4 opened this issue Sep 15, 2024 · 0 comments
Open

xiao - Differences between ZKSync and Ethereum in handling contract deployment and address calculation #777

sherlock-admin4 opened this issue Sep 15, 2024 · 0 comments

Comments

@sherlock-admin4
Copy link
Contributor

sherlock-admin4 commented Sep 15, 2024
edited by sherlock-admin2
Loading

xiao

Medium

Differences between ZKSync and Ethereum in handling contract deployment and address calculation

Summary

Differences between ZKSync and Ethereum in handling contract deployment and address calculation

Vulnerability Detail

According to the requirements of the project, this contract will be deployed on the l2 chain, which involves the create operation code. This is a problem in the zk network.
https://github.com/sherlock-audit/2024-08-flayer/tree/0ec252cf9ef0f3470191dcf8318f6835f5ef688c?tab=readme-ov-file#moongate
On Ethereum, it can be safely determined using the formula hash(RLP[address, nonce]). However, on ZKsync, it is advisable to wait until the contract is deployed and catch the ContractDeployed event emitted by the ContractDeployer, which provides the address of the newly deployed contract. The SDK handles all of these processes in the background to simplify the workflow.

Impact

https://docs.zksync.io/build/developer-reference/ethereum-differences/evm-instructions#create-create2

Code Snippet

https://github.com/sherlock-audit/2024-08-flayer/blob/0ec252cf9ef0f3470191dcf8318f6835f5ef688c/flayer/src/contracts/Locker.sol#L311-L313

        // Deploy our new ERC20 token using Clone. We use the impending ID
        // to clone in a deterministic fashion.
        ICollectionToken collectionToken_ = ICollectionToken(
            LibClone.cloneDeterministic(tokenImplementation, bytes32(_collectionCount))
        );
    /// @dev Deploys a deterministic clone of `implementation` with `salt`.
    /// Deposits `value` ETH during deployment.
    function cloneDeterministic(uint256 value, address implementation, bytes32 salt)
        internal
        returns (address instance)
    {
        /// @solidity memory-safe-assembly
        assembly {
            mstore(0x21, 0x5af43d3d93803e602a57fd5bf3)
            mstore(0x14, implementation)
            mstore(0x00, 0x602c3d8160093d39f33d3d3d3d363d3d37363d73)
            instance := create2(value, 0x0c, 0x35, salt)
            if iszero(instance) {
                mstore(0x00, 0x30116425) // `DeploymentFailed()`.
                revert(0x1c, 0x04)
            }
            mstore(0x21, 0) // Restore the overwritten part of the free memory pointer.
        }
    }

Tool used

Manual Review

Recommendation

Use reliable deployment tools and SDKs: For example, ensure that the ZKSync SDK or similar tools handle contract bytecode correctly.
@sherlock-admin2 sherlock-admin2 changed the title Tart Laurel Starling - Differences between ZKSync and Ethereum in handling contract deployment and address calculation xiao - Differences between ZKSync and Ethereum in handling contract deployment and address calculation Oct 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin4