Blockchain security firm ChainLight has discovered a vulnerability in the zkSync Era protocol that could lead to hundreds of millions of dollars in losses.
The bug found by ChainLight was caused by the circuits used by zkSync Era. These circuits enable verifying the accuracy of transaction information without revealing sensitive information about the parties involved in the transaction.
According to the statement made by ChainLight, potential attackers could use this vulnerability to manipulate but still verify transactions within blocks. Smart contracts at the Layer 1 level would not be able to detect manipulated transaction information in this case.
If such an attack is successful, 100,000 Ethereum (ETH) There could be a loss in value.
However, zkSync Era’s security layers made such an attack difficult to carry out. According to the statements of Anton Astafiev, security manager of Matter Labs, which developed the infrastructure of ZkSync Era, such an attack can only be carried out at Matter Labs. high level access authority Someone who was there could make it happen.
For this, the attacker had to either have access to the backend of the protocol or have the private key that the protocol uses to sign blocks.
According to the statement made by ChainLight, Matter Labs resolved the problem in a short time after the situation was reported. For reporting to the ChainLight team 50,000 USDC reward was given.