Open code423n4 opened 1 year ago
miladpiri marked the issue as sponsor confirmed
This is a valid medium issue! thanks!
The warden has shown how, due to an incorrect configuration L2Transactions will expire earlier than intended.
The value would normally be rated a Low Severity, however, because the Warden has shown a more specific impact, I agree with Med Severity
GalloDaSballo marked the issue as selected for report
Lines of code
https://github.com/code-423n4/2022-10-zksync/blob/456078b53a6d09636b84522ac8f3e8049e4e3af5/ethereum/contracts/zksync/Config.sol#L47
Vulnerability details
The
BLOCK_PERIOD
is set to 13 seconds inConfig.sol
.Since moving to Proof-of-Stake (PoS) after the Merge, block times on ethereum are fixed at 12 seconds per block (slots). https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/#:~:text=Whereas%20under%20proof%2Dof%2Dwork,block%20proposer%20in%20every%20slot.
Impact
This results in incorrect calculation of
PRIORITY_EXPIRATION
which is used to determine when a transaction in the Priority Queue should be considered expired.The time difference can be calulated
By using block time of 13 seconds, a transaction in the Priority Queue incorrectly expires 5.5 hours earlier than is expected.
5.5 hours is a significant amount of time difference so I believe this issue to be Medium severity.
Recommendations
Change the block period to be 12 seconds