zkSync Era System Contracts contest - 0x73696d616f's results

Rely on math, not validators.

General Information

Platform: Code4rena

Start Date: 10/03/2023

Pot Size: $180,500 USDC

Total HM: 6

Participants: 19

Period: 9 days

Judge: GalloDaSballo

Total Solo HM: 2

Id: 221

League: ETH

zkSync

Findings Distribution

Researcher Performance

Rank: 13/19

Findings: 1

Award: $1,366.84

🌟 Selected for report: 0

🚀 Solo Findings: 0

Findings Information

🌟 Selected for report: HE1M

Also found by: 0x73696d616f, minaminao, rvierdiiev

Labels

bug
2 (Med Risk)
partial-50
duplicate-70

Awards

1366.8409 USDC - $1,366.84

External Links

Lines of code

https://raw.githubusercontent.com/matter-labs/zksync-web-era-docs/main/docs/dev/tutorials/aa-daily-spend-limit.md#L828 https://raw.githubusercontent.com/matter-labs/zksync-web-era-docs/main/docs/dev/tutorials/aa-daily-spend-limit.md#L830

Vulnerability details

Impact

Many protocols rely on short time windows to function properly (games, HFT), so they would be less interested in entering the zkSync ecosystem. What is more, given the difference from Ethereum, where block.timestamp updates every 15 seconds, it might go unnoticed by some developers and cause loss of funds or broken functionality.

Proof of Concept

Using the L1 block timestamp (of the block in which the batch of transactions is included) means that, on L2, block.timestamp changes only once every 5-10 minutes. Both Optimism and Arbitrum, for example, are tackling this issue: https://community.optimism.io/docs/developers/build/differences/#pre-eip-155-support and https://developer.arbitrum.io/migration/dapp_migration.
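As an added illustration (not part of the original report or of zkSync Era's own code), the following Python model compares a contract cooldown check on a chain whose timestamp advances every block with one whose timestamp is frozen for the whole L1 batch; the 600-second batch interval, the one-block-per-second cadence and the Cooldown contract model are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:
    number: int
    timestamp: int  # what a contract reads as block.timestamp

def fine_chain(n_blocks: int, block_interval: int = 1) -> list[Block]:
    """Ethereum-like chain: the timestamp advances every block."""
    return [Block(i, i * block_interval) for i in range(n_blocks)]

def coarse_chain(n_blocks: int, batch_interval: int = 600) -> list[Block]:
    """Rollup-like chain: each L2 block reports the timestamp of the L1 batch
    it belongs to, so the value is frozen for all blocks in that batch.
    A 600 s batch interval and one block per second are assumed."""
    return [Block(i, (i // batch_interval) * batch_interval) for i in range(n_blocks)]

class Cooldown:
    """Model of a contract enforcing require(block.timestamp >= last + cooldown)."""

    def __init__(self, cooldown: int) -> None:
        self.cooldown = cooldown
        self.last = -cooldown  # first action is allowed immediately

    def try_act(self, block: Block) -> bool:
        if block.timestamp < self.last + self.cooldown:
            return False  # would revert on-chain
        self.last = block.timestamp
        return True

def count_actions(chain: list[Block], cooldown: int) -> int:
    """Successful actions when a caller tries once in every block."""
    guard = Cooldown(cooldown)
    return sum(guard.try_act(b) for b in chain)

def stuck_timestamp_span(chain: list[Block]) -> int:
    """Longest run of consecutive blocks sharing one block.timestamp."""
    longest = run = 1
    for prev, cur in zip(chain, chain[1:]):
        run = run + 1 if cur.timestamp == prev.timestamp else 1
        longest = max(longest, run)
    return longest

if __name__ == "__main__":
    span = 1200  # 20 minutes of wall-clock time at one block per second
    print(count_actions(fine_chain(span), 60))       # 20: one action per minute
    print(count_actions(coarse_chain(span), 60))     # 2: one action per batch
    print(stuck_timestamp_span(coarse_chain(span)))  # 600
```

A window shorter than the batch interval therefore degrades to "once per batch", which is the behaviour the report warns about for game and HFT-style contracts.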

Tools Used

VsCode

Use L2 block.timestamp in the L2 contracts.

#0 - GalloDaSballo

2023-03-21T10:43:44Z

https://github.com/code-423n4/2023-03-zksync/blob/21d9a364a4a75adfa6f1e038232d8c0f39858a64/README.md#L469-L470

This contract is used to support various system parameters not included in the VM by default, i.e. `chainId`, `origin`, `gasPrice`, `blockGasLimit`, `coinbase`, `difficulty`, `baseFee`, `blockhash`, `block.number`, `block.timestamp.`

??

#1 - c4-judge

2023-03-21T10:44:06Z

GalloDaSballo marked the issue as unsatisfactory: Insufficient proof

#2 - c4-judge

2023-04-12T08:18:17Z

GalloDaSballo marked the issue as duplicate of #70

#3 - c4-judge

2023-04-12T08:18:25Z

GalloDaSballo marked the issue as partial-50

#4 - GalloDaSballo

2023-04-12T08:19:16Z

Recommend the Warden to spend more time on their reports as I had dismissed this one as low quality

#5 - GalloDaSballo

2023-04-12T08:19:27Z

50% because of the lack of detail

AuditHub

A portfolio for auditors, a security profile for protocols, a hub for web3 security.

Built by malatrax © 2024
