code-423n4 / 2024-03-zksync-findings


User will pay more gas than defined in Ethereum Yellow Paper #45

Closed c4-bot-6 closed 4 months ago

c4-bot-6 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-03-zksync/blob/4f0ba34f34a864c354c7e8c47643ed8f4a250e13/code/system-contracts/bootloader/bootloader.yul#L101-L107

Vulnerability details

Impact

The Ethereum Yellow Paper defines two types of G_txdata:

G_txdatazero - 4 - Paid for every zero byte of data or code for a transaction.
G_txdatanonzero - 16 - Paid for every non-zero byte of data or code for a transaction.

As we see, a non-zero byte of data costs more (16) than a zero byte (4).

However, L1_GAS_PER_PUBDATA_BYTE() implemented in bootloader.yul does not distinguish between a zero byte of data or code for a transaction and a non-zero byte of data or code for a transaction. Every operation costs 17. This behavior implies user loss - because the user will always pay the constant amount of gas, even for a non-zero byte of data or code for a transaction (which should cost less than a non-zero byte).

Proof of Concept

File: bootloader.yul

    /// @dev The number of L1 gas needed to be spent for
    /// L1 byte. While a single pubdata byte costs `16` gas,
    /// we demand at least 17 to cover up for the costs of additional
    /// hashing of it, etc.
    function L1_GAS_PER_PUBDATA_BYTE() -> ret {
        ret := 17
    }

As demonstrated above, the number of L1 gas needed to be spent for an L1 byte is always constant and it's hardcoded to 17. The user will pay 17 gas no matter if it's a zero or non-zero byte of data or code for a transaction.

According to the Ethereum Yellow Paper, zero bytes cost less (4) than non-zero ones (16). This requirement is, however, not fulfilled in bootloader.yul, because both zero and non-zero L1 bytes cost 17.

Tools Used

Manual code review

Recommended Mitigation Steps

Separate the costs for zero and non-zero bytes of data or code for a transaction. The zero byte of data or code for a transaction should cost less.

Assessed type

Other

c4-sponsor commented 5 months ago

saxenism (sponsor) disputed

saxenism commented 5 months ago

We consider this invalid because this is irrelevant. We use a different gas model.

alex-ppg commented 4 months ago

The Warden specifies that users on zkSync Era will pay different gas costs than on Ethereum; this is expected, extensively documented, and in reality it is impossible to pay the same gas cost as in Ethereum due to the zero-knowledge nuisances involved with zkSync Era transactions.

c4-judge commented 4 months ago

alex-ppg marked the issue as unsatisfactory: Invalid