Closed code423n4 closed 1 year ago
Missing description, flagging as the idea that the call should receive 63/64 instead of all gas
GalloDaSballo marked the issue as primary issue
miladpiri marked the issue as sponsor disputed
There is no description.
@miladpiri while the finding is empty, are there any considerations around limiting recursive calls' gas? It seems like the system allows calling an infinite amount of targets while not reducing the gas, meaning this may be used to attack the sequencer.
Do you think this is not a valid concern?
while the finding is empty are there any considerations around limiting recursive calls gas?
zkSync Era implements the EIP-150 63/64 rule. So the same consideration as on Ethereum.
With the information I have available, there is no reason to believe that the call or mimicCall functions should explicitly forward 63/64th gas, as that's something that the zkEVM would enforce at the node layer.
Due to this, I will close for lack of proof. I recommend that the Warden check on the deployed system and follow up with the Sponsor if they can generate a valid finding.
GalloDaSballo marked the issue as unsatisfactory: Insufficient proof
Lines of code
https://github.com/code-423n4/2023-03-zksync/blob/21d9a364a4a75adfa6f1e038232d8c0f39858a64/contracts/ContractDeployer.sol#L323
https://github.com/code-423n4/2023-03-zksync/blob/21d9a364a4a75adfa6f1e038232d8c0f39858a64/contracts/DefaultAccount.sol#L83
https://github.com/code-423n4/2023-03-zksync/blob/21d9a364a4a75adfa6f1e038232d8c0f39858a64/contracts/DefaultAccount.sol#L151
Vulnerability details
Impact
Detailed description of the impact of this finding.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
Tools Used
Recommended Mitigation Steps