Vyper compiler version incompatible with current zkSync tooling
Summary
Currently, zkSync's compiler for the vyper language is only compatible with certain vyper 0.3.x versions. The specified vyper version in the contract v0.4.0b1 is not (yet) supported by the zkSync tooling chain.
Vulnerability Details
zkSync's vyper compiler only supports contracts written in vyper v0.3.3, v0.3.9, or v0.3.10 ( https://github.com/matter-labs/era-compiler-vyper , accessed on 3/14/2024).
snek-raffle requires vyper compiler version v0.4.0b1.
Impact
Medium: Deployment to zkSync could be delayed until the desired vyper compiler version is supported. This creates a dependency on external resources.
If the contract is not expected to be functional when deployed to a target blockchain other than Ethereum main-net, this has been considered as a "Medium" vulnerability before (for example, https://www.codehawks.com/finding/clqqv2syu00204d0wpgq5oza7 ).
Tools Used
Manual code inspection.
Recommendations
Rewrite the contract using the latest supported vyper version or wait for zkSync's tooling chain to be updated.
Lead Judging Commences
zkSync not compatible with Vyper version
https://docs.zksync.io/build/developer-reference/contract-development.html
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.