search

code-423n4 / 2022-10-zksync-findings

3 stars 0 forks source link

QA Report #320

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Low and qna reports

[L-01] Use of Block.timestamp

Block timestamps have historically been used for a variety of applications, such as entropy for random numbers (see the Entropy Illusion for further details), locking funds for periods of time, and various state-changing conditional statements that are time-dependent. Miners have the ability to adjust timestamps slightly, which can prove to be dangerous if block timestamps are used incorrectly in smart contracts.

File: ethereum\contracts\zksync\facets\Executor.sol

50: bool timestampNotTooSmall = block.timestamp - COMMIT_TIMESTAMP_NOT_OLDER <= l2BlockTimestamp;
51: bool timestampNotTooBig = l2BlockTimestamp <= block.timestamp + COMMIT_TIMESTAMP_APPROXIMATION_DELTA;

File: ethereum\contracts\zksync\facets\DiamondCut.sol

52: bool upgradeNoticePeriodPassed = block.timestamp >= s.diamondCutStorage.proposedDiamondCutTimestamp + UPGRADE_NOTICE_PERIOD;

[L-02] Event is missing indexed fields

Index event fields make the field more quickly accessible to off-chain tools that parse events. However, note that each index field costs extra gas during emission, so it’s not necessarily best to index the maximum allowed per event (three fields). Each event should use three indexed fields if there are three or more fields, and gas usage is not particularly of concern for the events in question. If there are fewer than three fields, all of the fields should be indexed.

File: ethereum\contracts\zksync\libraries\Diamond.sol

16:     event DiamondCut(FacetCut[] facetCuts, address initAddress, bytes initCalldata);

File: ethereum\contracts\zksync\interfaces\IMailbox.sol

    event NewPriorityRequest(
        uint256 txId,
        bytes32 txHash,
        uint64 expirationBlock,
        L2CanonicalTransaction transaction,
        bytes[] factoryDeps
    );

https://github.com/code-423n4/2022-10-zksync/blob/456078b53a6d09636b84522ac8f3e8049e4e3af5/ethereum/contracts/zksync/libraries/Diamond.sol#L16

https://github.com/code-423n4/2022-10-zksync/blob/456078b53a6d09636b84522ac8f3e8049e4e3af5/ethereum/contracts/zksync/interfaces/IMailbox.sol#L95-L101

GalloDaSballo commented 1 year ago

Low impact and misguided

c4-judge commented 1 year ago

GalloDaSballo marked the issue as grade-c