Closed c4-submissions closed 9 months ago
bytes032 marked the issue as low quality report
GalloDaSballo changed the severity to QA (Quality Assurance)
Part of the current setup, potentially OOS as known
Although it is by design, it can be QA.
miladpiri marked the issue as disagree with severity
miladpiri (sponsor) acknowledged
Hi @GalloDaSballo, Thank you for reviewing this submission.
Zero Knowledge rollups are designed to provide users with the assurance that once a transaction is finalized, no one can prevent them from accessing their funds. This is a fundamental principle of zk-rollups, and zkSync claims to adhere to this principle.
The zkSync documentation clearly affirms this promise (link1, link2):
After that, the withdrawal action will be available to be finalized by anyone in the L1 bridge (by proving the inclusion of the L2 -> L1 message, which is done when calling the finalizeWithdrawal method on the L1 bridge contract)
Finalized: This indicates that the SNARK validity proof for the transaction has been submitted and verified by the smart contract. After this step, the transaction is considered to be final.
This issue, however, demonstrates for L2 blocks that despite being verified and finalized on L1, zkSync's availability can be compromised, preventing users from accessing their funds. This contradicts the assurances given in the project documentation.
Essentially, governance has the ability to block access to zkSync's history on L1, rendering the implementation inconsistent with the documentation's promises. This risk remains unaddressed, and users should be informed of this potential for disruption. This issue is not documented as a known risk or potential issue for users in contest page or documentation.
The ability to block access to finalized transactions undermines the core principles of zk-rollups and raises serious concerns about the security and usability of zkSync.
Furthermore, my report shows the same concerns raised in this Optimism report regarding finalized blocks (in optimistic rollups txs finalized after 7 days):
if finalization period is crossed then no matter what, transaction should be considered confirmed and challenger shouldn't be able to compromise them
thanks @0xunforgiven It can be a decentralization risk and better to be put in analysis section. The freezing mechanism can be triggerred by the governor and is helpful in case of critical security situations, so when the protocol is frozen it means something unexpected has happened. So, it is safer to not allow users to withdraw. This is by design, so QA.
I believe this is already acknowledged through documentation as well as the known issues, QA is appropriate
Lines of code
https://github.com/code-423n4/2023-10-zksync/blob/1fb4649b612fac7b4ee613df6f6b7d921ddd6b0d/code/contracts/ethereum/contracts/zksync/facets/Mailbox.sol#L49-L109
Vulnerability details
Impact
functions
proveL2MessageInclusion()
,proveL2LogInclusion()
andproveL1ToL2TransactionStatus()
in MailBox contract haveview
modifier and they only verify a message inclusion in proven and executed batch commitment. but because they are inside MailBox facet if the zkSync diamond was frozen then it won't be possible to call them. the side effect is that some functions of L1ERC20Bridge and L1WethBridge won't be callable likeclaimFiledDeposits()
andfinializeWithdraw()
for proven and executed batches. the users funds won't be accessible while the zkSync diamond is frozen and this is in contradiction to how zk-rollups designed. when a batch commitment is proved and executed in the zkSync then it is final and those data should be available and verifiable by anyone. even so freezing the MailBox is only possible by Governance contract, I believe Governance shouldn't be able to block users access to their funds that legitimately has been proved and executed in the L2 network (zkSync contracts). so IMO this has Medium Severity because Governance can block users access to their funds. when a batch executes in the zkSync then it is final and even governance shouldn't be able to deny others on-chain contract access to those verified batches.Proof of Concept
This is
proveL2MessageInclusion()
,proveL2LogInclusion()
andproveL1ToL2TransactionStatus()
codes:As you can see they are all view functions and they just check for inclusion of the message, log or transaction status in proved and executed batches. denying access to these functions is like blocking access to old verified blocks information for on-chain contracts.
This is
claimFailedDeposit()
andfinalizeWithdrawal()
code in L1ERC20Bridge:As you can see they call view function
proveL2MessageInclusion()
andproveL1ToL2TransactionStatus()
to verify information about zkSync L2 blocks and if the zkSync was frozen then these logics won't work and users can't withdraw and claim their funds.Tools Used
VIM
Recommended Mitigation Steps
move those 3 functions to Getter Facet that shouldn't be freezable.
note:
I don't have backstage access and I can't comment during Post-Judging QA duration. so if you as judge or sponsor have any question regarding the issue please contact me directly.
Assessed type
Access Control