createEdition function will not work correctly on the zkSync, preventing from the correct address deployment
Summary
The createEdition is responsible for the edition address creation and further initialization and publishment. However, as stated that the protocol will be deployed on the zkSync, this function will not work correctly on the zkSync due to different CREATE/CREATE2 behaviour.
Vulnerability Detail
As we can see that the new address is created via the
When we examine the further flow of the clone function, we could see that the instance is created via the assembly
mstore(0x21, 0x5af43d3d93803e602a57fd5bf3)
mstore(0x14, implementation)
mstore(0x00, 0x602c3d8160093d39f33d3d3d3d363d3d37363d73)
instance := create(value, 0x0c, 0x35)
if iszero(instance) {
mstore(0x00, 0x30116425) // `DeploymentFailed()`.
revert(0x1c, 0x04)
}
mstore(0x21, 0) // Restore the overwritten part of the free memory pointer.
}
So, the instance is created via this: instance := create(value, 0x0c, 0x35).
But, in the official zkSync docs we can see that
To guarantee that create/create2 functions operate correctly, the compiler must be aware of the bytecode of the deployed contract in advance.
In our case the function doesn't know the bytecode of the deployed contract it advance, and this will lead to the problems during the deployment on the zkSync and further revert or incorrect address creation.
Impact
The edition will not be created on the zkSync, and it will break the overall idea of the protocol.
ArsenLupin
high
createEdition function will not work correctly on the zkSync, preventing from the correct address deployment
Summary
The createEdition is responsible for the edition address creation and further initialization and publishment. However, as stated that the protocol will be deployed on the zkSync, this function will not work correctly on the zkSync due to different CREATE/CREATE2 behaviour.
Vulnerability Detail
As we can see that the new address is created via the
When we examine the further flow of the clone function, we could see that the instance is created via the assembly
So, the instance is created via this: instance := create(value, 0x0c, 0x35).
But, in the official zkSync docs we can see that
To guarantee that create/create2 functions operate correctly, the compiler must be aware of the bytecode of the deployed contract in advance.In our case the function doesn't know the bytecode of the deployed contract it advance, and this will lead to the problems during the deployment on the zkSync and further revert or incorrect address creation.
Impact
The edition will not be created on the zkSync, and it will break the overall idea of the protocol.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/TitlesCore.sol#L79
Tool used
Manual Review
Recommendation
Assure that during the creation the compiler must be aware about bytecode of the deployed contract in advance. For example you can use create2 insted
Duplicate #91