Missing checks on `setVerifier` can make `proveBlocks` work in unexpected behaviors until `governor` notices and fixes it

[code423n4]

Lines of code

https://github.com/code-423n4/2022-10-zksync/blob/5a31c9db8ab32175dbd7264b05ce84931b6c0428/ethereum/contracts/zksync/facets/Executor.sol#L260 https://github.com/code-423n4/2022-10-zksync/blob/5a31c9db8ab32175dbd7264b05ce84931b6c0428/ethereum/contracts/zksync/facets/Governance.sol#L94-L100

Vulnerability details

Missing checks on setVerifier can make proveBlocks work in unexpected behaviors until governor notices and fixes it

Summary

In setVerifier, _newVerifier address is assigned with no 0 checks, if wrongly assigned two scenarios posibles:

• Revert as s.verifier.verify_serialized_proof(proofPublicInput, _proof.serializedProof); will call a function that in _newVerifier doesn't exist
• Edge case where target contract contains a function called verify_serialized_proof and returns wrong booleans, leading to accepting unexpected blocks or not accepting expected ones. This would be really edge case but harmful as it don't revert and some blocks would get proved until someone notices.

https://github.com/code-423n4/2022-10-zksync/blob/5a31c9db8ab32175dbd7264b05ce84931b6c0428/ethereum/contracts/zksync/facets/Executor.sol#L260

Github Permalinks

https://github.com/code-423n4/2022-10-zksync/blob/5a31c9db8ab32175dbd7264b05ce84931b6c0428/ethereum/contracts/zksync/facets/Governance.sol#L94-L100

Mitigation

Check zero address before assigning or using it

[c4-sponsor]

miladpiri marked the issue as sponsor disputed

[miladpiri]

Any wrong address can have the same impact, not specifically only address(0). So, this is an invalid issue!

[c4-judge]

Duplicate of https://github.com/code-423n4/2022-10-zksync-findings/issues/351

[GalloDaSballo]

Downgrading to QA Low by convention, agree with the Sponsor that any wrong address can cause issues

L