search

sherlock-audit / 2024-02-leverage-contracts-judging

1 stars 0 forks source link

0xDetermination - Protocol will be bricked on zkSync due to `computePoolAddress()` calculation #35

Closed sherlock-admin closed 6 months ago

sherlock-admin commented 6 months ago

0xDetermination

medium

Protocol will be bricked on zkSync due to computePoolAddress() calculation

Summary

computePoolAddress() bricks the protocol on zkSync.

Vulnerability Detail

computePoolAddress() works for all EVM-compatible L2s, but zkSync is not really EVM-compatible. It uses a different method to calculate contract addresses (https://docs.zksync.io/build/developer-reference/differences-with-ethereum.html#create-create2).

Impact

Protocol won't function on zkSync.

Code Snippet

https://github.com/sherlock-audit/2024-02-leverage-contracts/blob/main/wagmi-leverage/contracts/abstract/ApproveSwapAndPay.sol#L251

Tool used

Manual Review

Recommendation

Refactor computePoolAddress() to be compatible with zkSync or create a different contract for zkSync.

fann95 commented 6 months ago

I have already answered in the previous audit. If we deploy to zkSync then the appropriate corrections will be made. Without them, the contract will not work.There is no bug or vulnerability here.

nevillehuang commented 6 months ago

Invalid, known issue not fixed as seen here

So based on the following sherlock rule, this is invalid

  1. In an update contest, issues from the previous contest with wont fix labels are not considered valid.