code-423n4 / 2024-03-zksync-findings


StateTransitionManager doesn't have ability to set some settings for chain #49

Closed c4-bot-6 closed 5 months ago

c4-bot-6 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-03-zksync/blob/main/code/contracts/ethereum/contracts/state-transition/chain-deps/facets/Admin.sol#L45-L64

Vulnerability details

Proof of Concept

There are several settings that can be set by StateTransitionManager in the admin facet for the chain. All those functions use the onlyStateTransitionManager modifier.

But StateTransitionManager itself doesn't have any means to call those functions and thus change the configuration. While all settings are set during the initial upgrade of the proxy, StateTransitionManager can't change those values for existing chains and the invariant is broken.

Impact

StateTransitionManager can't change some settings for the chain.

Tools Used

VsCode

Recommended Mitigation Steps

Implement those functions.

Assessed type

Error
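The pattern the report describes, and the forwarding function it recommends, as an added sketch that is not part of the original submission and is not the zkSync code. `ChainAdminSketch`, `ManagerSketch`, `setMaxGasLimit`, `registerChain` and `chainContract` are hypothetical names; only the `onlyStateTransitionManager` modifier name comes from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration with simplified stand-ins; not the audited contracts.
contract ChainAdminSketch {
    address public immutable stateTransitionManager;
    uint256 public maxGasLimit; // hypothetical per-chain setting

    error Unauthorized(address caller);

    constructor(address _stm) {
        stateTransitionManager = _stm;
    }

    modifier onlyStateTransitionManager() {
        if (msg.sender != stateTransitionManager) revert Unauthorized(msg.sender);
        _;
    }

    // Reachable only if the manager contract itself issues this call.
    function setMaxGasLimit(uint256 _newLimit) external onlyStateTransitionManager {
        maxGasLimit = _newLimit;
    }
}

contract ManagerSketch {
    address public immutable owner;
    mapping(uint256 => address) public chainContract; // chainId => chain contract

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function registerChain(uint256 _chainId) external onlyOwner returns (address chain) {
        chain = address(new ChainAdminSketch(address(this)));
        chainContract[_chainId] = chain;
    }

    // Without a forwarder like this, no call can ever pass the chain's
    // onlyStateTransitionManager check, so the setter above is unreachable.
    function setMaxGasLimit(uint256 _chainId, uint256 _newLimit) external onlyOwner {
        address chain = chainContract[_chainId];
        require(chain != address(0), "unknown chain");
        ChainAdminSketch(chain).setMaxGasLimit(_newLimit);
    }
}
```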

c4-judge commented 5 months ago

alex-ppg marked the issue as duplicate of #52

c4-judge commented 4 months ago

alex-ppg marked the issue as unsatisfactory: Overinflated severity