search

code-423n4 / 2024-03-zksync-findings

2 stars 1 forks source link

StateTransitionManager.unfreezeChain() can't execute #76

Closed c4-bot-5 closed 8 months ago

c4-bot-5 commented 8 months ago

Lines of code

https://github.com/code-423n4/2024-03-zksync/blob/4f0ba34f34a864c354c7e8c47643ed8f4a250e13/code/contracts/ethereum/contracts/state-transition/StateTransitionManager.sol#L166

Vulnerability details

Vulnerability details

StateTransitionManager.unfreezeChain() the code is as follows:

contract StateTransitionManager is IStateTransitionManager, ReentrancyGuard, Ownable2Step {
...
    function unfreezeChain(uint256 _chainId) external onlyOwner {
        IZkSyncStateTransition(stateTransition[_chainId]).freezeDiamond();
    }

This method is used for unfreeze, but it calls freezeDiamond(), which makes it impossible to unfreeze properly.

Impact

StateTransitionManager cannot unfreeze zkSync.

Although admin of zkSync can do unfreeze directly by zkSync.unfreezeDiamond()

However, admin is usually a multi-sign account, and to execute it would require a new wait for more time during which time zkSync would be fully freeze

Recommended Mitigation

    function unfreezeChain(uint256 _chainId) external onlyOwner {
-       IZkSyncStateTransition(stateTransition[_chainId]).freezeDiamond();
+       IZkSyncStateTransition(stateTransition[_chainId]).unfreezeDiamond();
    }

Assessed type

Context

c4-judge commented 8 months ago

alex-ppg marked the issue as duplicate of #97

c4-judge commented 8 months ago

alex-ppg changed the severity to 3 (High Risk)

c4-judge commented 7 months ago

alex-ppg changed the severity to 2 (Med Risk)

c4-judge commented 7 months ago

alex-ppg marked the issue as satisfactory