First Flight #4: Boss Bridge

Summary

In the README.md is said that the TokenFactory contract will be deployed to chains Ethereum Mainnet and ZKSync Era. But there are some differences in implementations for deploying smart contracts between ZKSync Era and Ethereum Mainnet chains.

Vulnerability Details

The dokumentation of ZKSync Era chain says:

"On zkSync Era, contract deployment is performed using the hash of the bytecode, and the factoryDeps field of EIP712 transactions contains the bytecode. The actual deployment occurs by providing the contract's hash to the ContractDeployer system contract.

To guarantee that create/create2 functions operate correctly, the compiler must be aware of the bytecode of the deployed contract in advance. The compiler interprets the calldata arguments as incomplete input for ContractDeployer, as the remaining part is filled in by the compiler internally. The Yul datasize and dataoffset instructions have been adjusted to return the constant size and bytecode hash rather than the bytecode itself."

The TokenFactory::deployToken function will not function correctly by deploying at the ZKSync Era chain because the compiler is not aware of the bytecode beforehand:

https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2

Impact

Due to the differences in implementation of the deploying for the chains Ethereum Mainnet and ZKSync Era, the TokenFactory::deployToken function will work without problem on Ethereum Mainnet, but will not work correctly on ZKSync Era and the token will be not deployed at that chain.

Tools Used

VS Code

Recommendations

Rewrite the TokenFactory::deployToken according to the ZKSync Era documentation to deploy the token correctly at ZKSync Era chain.