Exploiting this bug would have required the highest level of security privileges across zkSync Era’s infrastructure.
ChainLight, a blockchain security audit company, detected a vulnerability in the zkSync Era protocol which, if exploited, could have resulted in a $1.9 billion loss.
ChainLight Detects Bug within zk-Circuits
The bug was located in zkSync Era’s zk-circuits. These circuits are designed to verify transaction data accurately without revealing sensitive details about the counterparties.
ChainLight’s blog post explained that the bug could have allowed a malicious actor to manipulate transactions within a block and still have them proven as valid. The resulting proofs would then have been accepted by the layer-1 smart contracts without any awareness of the manipulated transaction values. Had the attack succeeded, 100,000 ether (ETH), worth approximately $1.9B, could have been drained.
Even so, zkSync Era has several layers of security, so it would have been hard for anyone to carry out the exploit without being part of Matter Labs, zkSync Era’s infrastructure team.
zkSync Era Layers of Security Prove Critical to Avert Exploit
Matter Labs’ security head, Anton Astafiev, stated that the highest level of security privilege across zkSync Era’s infrastructure was needed to exploit the bug. An attacker would have needed access to the protocol’s backend to introduce the malicious code.
Alternatively, they would have needed access to the validator private key used to sign blocks. An attacker would also have had to wait out a mandatory 21-hour period before extracting funds, owing to an execution delay.
Astafiev said the bug relates to the old prover rather than the current Boojum prover, meaning the affected code will soon be entirely deprecated and retired. After being notified of the critical bug, ChainLight reported that the Matter Labs team responded swiftly and fixed the issue.
ChainLight Earns 50000 USDC Reward for Detecting Bug
For identifying the bug, the ChainLight team received a 50,000 USDC reward. Astafiev said the bug was not officially within the scope of the public bug bounty programs currently running. When Matter Labs receives out-of-scope findings, it evaluates them on the basis of real-world impact to determine their severity and the corresponding reward.
Astafiev said the Matter Labs team hopes for continued partnership with ChainLight and other security-focused organizations. He added that such findings are crucial reminders of the importance of multi-layer defense architectures like the ones Matter Labs has implemented for zkSync: since no single protection layer is perfectly secure, there should be no single point of failure.