First Flight #4: Boss Bridge
First Flight #4
Beginner FriendlyFoundryBridge
100 EXP
View results
Previous Next
Submission Details
Severity: high
Valid

Deploy token contract cannot work in zksync

Cryptor

Summary

Deploy token contract cannot work in zksync

Vulnerability Details

observe the following code

function deployToken(string memory symbol, bytes memory contractBytecode) public onlyOwner returns (address addr) {
assembly {
addr := create(0, add(contractBytecode, 0x20), mload(contractBytecode))
}
s_tokenToAddress[symbol] = addr;
emit TokenDeployed(symbol, addr);
}

https://github.com/Cyfrin/2023-11-Boss-Bridge/blob/1b33f63aef5b6b06acd99d49da65e1c71b40a4f7/src/TokenFactory.sol#L23-L29

zkSync Era's compiler needs to be aware of the deployed contract's bytecode in advance, as it internally completes the calldata arguments for the ContractDeployer system contract. The create function shown above will not work correctly because the bytecode is not known beforehand, leading to a potential malfunction of the contract deployment.

Impact

DeployToken Contract will not compile on zksync

Tools Used

Manual Review

Recommendations

Use create2 instead of create

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

deployToken(): zksync compatibility issues

Cryptor Submitter
over 1 year ago
0xnevi Lead Judge
over 1 year ago
0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

deployToken(): zksync compatibility issues

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.