Closed c4-bot-5 closed 4 months ago
saxenism marked the issue as disagree with severity
We consider this issue QA
at best because the value is currently ignored.
razzorsec (sponsor) acknowledged
The Warden specifies that the P256Verify
precompile will misbehave as it will never yield the writtenValue
to its caller. I would normally classify this as a medium-risk vulnerability despite the Sponsor's statement, however, I investigated the RIP-7212 proposal that the precompile is meant to implement and it denotes that the precompile should yield the success flag rather than the written value.
While the present implementation is "incorrect", it complies with the RIP-7212 (having the same bearing as EIPs) it is meant to implement as the following code:
let writtenValue := mload(32)
if eq(writtenValue, 0) {
return(0, 0)
}
Effectively yields the success bool
at all times that is returned from the precompile. As such, I consider this submission to unfortunately be of QA level despite highlighting an actual issue with the code.
alex-ppg changed the severity to QA (Quality Assurance)
alex-ppg marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2024-03-zksync/blob/4f0ba34f34a864c354c7e8c47643ed8f4a250e13/code/system-contracts/contracts/precompiles/P256Verify.yul#L76
Vulnerability details
Impact
Incorrect unsafePackPrecompileParams in P256Verify.yul might result in invalid return value.
Proof of Concept
In P256Verify.yul, the secp256r1 circuit is expected to return a two word return value - 1st word:
internalSuccess
(bool); 2nd word: actualwrittenValue
. And a call to this precompile is expected to return the 2nd wordwrittenValue
.This can be seen from the final
return(32,32)
statement.However,
unsafePackPrecompileParams()
is currently incorrectly coded. Notably, the output length in words in hardcoded as1
, which will return only 1 word at the memory 0 location. Based on this, nothing is instructed to be returned at 32.(https://github.com/code-423n4/2024-03-zksync/blob/4f0ba34f34a864c354c7e8c47643ed8f4a250e13/code/system-contracts/contracts/precompiles/P256Verify.yul#L76)
Incorrect hardcoded
precompileParams
might cause future incompatibilities with secp256r1 circuit, and return invalid value.For comparison, current Ecrecover.yul hardcoded the correct parameter for second-word return.
Tools Used
Manual
Recommended Mitigation Steps
Change output length to 2.
Assessed type
Error