Unknown byte code at compile time
Summary
TokenFactory Contract is going to be deployed on zksync era and deployToken function takes in the bytes code of the contract to create as a parameter which can cause the token to not deploy correctly according to the intention of the developer.
Vulnerability Details
According to zksyncera documentation state here (here)[https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2] in order to guarantee the correctness of the contract to be created the bytes code of the contract must be known at compiled time because the way it calculate it's address is different from Ethereum virtual machine but the bytes code at the compile timr for create Token function is passed asn an arguement to the contract which can make the deployment of a token to not function correctly since the compiler is not aware of the bytes code involve.
Impact
Wrong creation of Token on zksync era
Tools Used
Manual Review
Recommendations
The team should import the bytescode of the token needed to be deployed in tokenfactory.sol so that it can be known at the compile time and deploying it on zksync era will not have any suspicious issue.
Lead Judging Commences
deployToken(): zksync compatibility issues
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.