search

code-423n4 / 2024-03-zksync-findings

2 stars 1 forks source link

StateTransitionManager.unfreezeChain calls wrong function #48

Closed c4-bot-4 closed 8 months ago

c4-bot-4 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-03-zksync/blob/main/code/contracts/ethereum/contracts/state-transition/StateTransitionManager.sol#L166

Vulnerability details

Proof of Concept

Using StateTransitionManager.freezeChain function admin can freeze specific chain. This means that all non freezable facets will not be callable anymore.

StateTransitionManager.unfreezeChain function should do the opposite action, however it by mistake calls freeze as well, which means that it will be not possible to unfreeze proxy.

Impact

Not possible to unfreeze proxy. Need to do upgrade.

Tools Used

VsCode

Recommended Mitigation Steps

Use correct function to unfreeze.

Assessed type

Error

c4-judge commented 8 months ago

alex-ppg marked the issue as duplicate of #97

c4-judge commented 8 months ago

alex-ppg changed the severity to 3 (High Risk)

c4-judge commented 7 months ago

alex-ppg changed the severity to 2 (Med Risk)

c4-judge commented 7 months ago

alex-ppg marked the issue as partial-75