c4-bot-2 closed 6 months ago
saxenism marked the issue as disagree with severity
saxenism marked the issue as agree with severity
saxenism (sponsor) disputed
This is a design choice. The team does not see how this design choice poses a security threat.
The exhibit cites precedent that the Sponsor has acknowledged as by design here.
Similarly to the double jeopardy rule, I cannot in good faith consider a past finding that the Sponsor deliberately acknowledged as by design to be awarded again unless it was a flaw that can be demonstrated undeniably.
As such, I consider this exhibit Out-of-Scope given that past findings are explicitly specified as such in the contest's description.
alex-ppg marked the issue as unsatisfactory: Out of scope
Lines of code
https://github.com/code-423n4/2024-03-zksync/blob/main/code/contracts/ethereum/contracts/state-transition/chain-deps/facets/Executor.sol#L481-L493
Vulnerability details
Impact
Impact: see the report at https://github.com/code-423n4/2023-10-zksync-findings/issues/527
Proof of Concept
Proof: see the report at https://github.com/code-423n4/2023-10-zksync-findings/issues/527
Tools Used
Manual Review
Recommended Mitigation Steps
The protocol should consider deleting s.l2SystemContractsUpgradeTxHash alongside the batch number under every circumstance in which s.l2SystemContractsUpgradeBatchNumber is deleted.
Assessed type
Context