Incompatibility of `deployToken` Function with zkSync's Contract Deployment Mechanism
Vulnerability Details
The deployToken function in the TokenFactory contract is not compatible with zkSync's contract deployment mechanism. zkSync Era requires contract deployment to be executed using the hash of the bytecode. The factoryDeps field in EIP712 transactions must contain the bytecode, and the actual deployment happens by providing the contract's hash to the ContractDeployer system contract. The deployToken function, as currently implemented, does not conform to these requirements. see ZKSync docs Differences with Ethereum
Impact
This incompatibility restricts the deployToken function from functioning as intended on zkSync Era. This limitation hampers the contract's usability and interoperability within the zkSync ecosystem, potentially impacting its effectiveness and applicability on this platform.
Recommendations
-
Revise Deployment Method: Adapt the
deployTokenfunction to align with zkSync's contract deployment requirements, particularly the use of bytecode hashes and handling thefactoryDepsfield appropriately. -
Include Comprehensive Testing: It is crucial to include tests for any factory functionality that deploys child contracts, especially using
type(T).creationCode, to ensure compatibility and correct functionality on zkSync Era.
By implementing these changes, the TokenFactory contract can be made compatible with zkSync's unique deployment mechanism, ensuring successful operation on this platform.
Lead Judging Commences
deployToken(): zksync compatibility issues
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.