Submission Details
Severity:
Deploy token contract cannot work in zksync
Summary
Deploy token contract cannot work in zksync
Vulnerability Details
observe the following code
function deployToken(string memory symbol, bytes memory contractBytecode) public onlyOwner returns (address addr) {
assembly {
addr := create(0, add(contractBytecode, 0x20), mload(contractBytecode))
}
s_tokenToAddress[symbol] = addr;
emit TokenDeployed(symbol, addr);
}
zkSync Era's compiler needs to be aware of the deployed contract's bytecode in advance, as it internally completes the calldata arguments for the ContractDeployer system contract. The create function shown above will not work correctly because the bytecode is not known beforehand, leading to a potential malfunction of the contract deployment.
Impact
DeployToken Contract will not compile on zksync
Tools Used
Manual Review
Recommendations
Use create2 instead of create
Updates
Lead Judging Commences
0xnevi over 1 year ago
Submission Judgement Published Assigned finding tags:
deployToken(): zksync compatibility issues
Cryptor
over 1 year ago
0xnevi
over 1 year ago
0xnevi over 1 year ago
Submission Judgement Published Assigned finding tags:
deployToken(): zksync compatibility issues
Rewards breakdown
nSLOC
99This contest has a flat reward structure with the following payouts:
100 EXP
20 EXP
2 EXP
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.