Closed code423n4 closed 1 year ago
minhquanym marked the issue as primary issue
CJ42 marked the issue as sponsor disputed
This is invalid, as the issue is related to a specific blockchain environment, not the contracts themselves.
trust1995 marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/ERC725Alliance/ERC725/blob/v5.1.0/implementations/contracts/ERC725XCore.sol#L221-L245
Vulnerability details
Bug Description
In the contest's Scoping Details, the sponsor states that Universal Profiles might eventually be deployed across multiple chains:
According to ZKSync Era's documentation, the bytecode of a contract must be known beforehand by the compiler for the
CREATE
/CREATE2
opcode to work:However, in
_deployCreate()
and_deployCreate2()
, the contract's bytecode is provided by the caller as an argument toexecute()
:ERC725XCore.sol#L221-L245
Therefore, these functions will not work on ZKSync Era.
Impact
If Universal Profiles are deployed on ZKSync Era, users will not be able to deploy contracts through
LSP0ERC725Account
.Recommended Mitigation
Unfortunately, this is a limitation of the ZKSync Era chain that cannot be avoided.
Assessed type
Other