miladpiri
commented
1 year ago It is actually stored during genesis.
Closed code423n4 closed 1 year ago
miladpiri
commented
1 year ago It is actually stored during genesis.
c4-sponsor
commented
1 year ago miladpiri marked the issue as sponsor disputed
GalloDaSballo
commented
1 year ago Verified the Sponsor Statement by using the ZkSync Explorer: https://explorer.zksync.io/address/0x0000000000000000000000000000000000008002#contract
c4-judge
commented
1 year ago GalloDaSballo marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-03-zksync/blob/21d9a364a4a75adfa6f1e038232d8c0f39858a64/contracts/AccountCodeStorage.sol#L21
Vulnerability details
Impact
The bytecode hash of
AccountCodeStorageis not stored in its mapping for the code hashes of the 32-byte account addresses. So,Proof of Concept
AccountCodeStorageis responsible of storing the code hashes of account addresses. Moreover, it mimics the opcodesextcodehashandextcodesizeas EVM.The problem is that this contract bytecode hash is not stored in its storage:
extcodehash(the address of AccountCodeStorage), it returns 0. This is not correct, it should return the correct bytecode hash ofAccountCodeStorage.extcodesize(the address of AccountCodeStorage), it returns 0. This is not correct, it should return the correct bytecode length ofAccountCodeStorage.Tools Used
Recommended Mitigation Steps
It is recommended to set the bytecode hash of
AccountCodeStorageat the time of deploying this contract (constructor) in its storage.