MultiAccount._deployContract() is used by _deployPartyA() which is used by addAccount()
Due to not letting the compiler know of bytecode by using type(myContract).creationCode to generate the bytecode, MultiAccount.addAccount() won't be able to deploy partyA accounts on zksync chain.
Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
MultiAccount.addAccount() won't be able to deploy partyA accounts on zksync chain due to how create2 is used
PoC
No response
Mitigation
Use type(myContract).creationCode to generate the bytecode for the create2, that way compiler is aware of the bytecode beforehand
AuditorPraise
Medium
create2 works differently on ZkSync Era
Summary
According to contest readme, issues related to any evm chain is in-scope for this contest.
create2 works differently on ZkSync Era
Root Cause
https://github.com/sherlock-audit/2024-09-symmio-v0-8-4-update-contest/blob/main/protocol-core/contracts/multiAccount/MultiAccount.sol#L179 create2 works differently on ZkSync Era, it cannot be used for arbitrary code unknown to the compiler. zkSynce Era Docs)
The below code snippet won't function correctly because the compiler is not aware of the bytecode beforehand
MultiAccount._deployContract()
is used by_deployPartyA()
which is used byaddAccount()
Due to not letting the compiler know of bytecode by using
type(myContract).creationCode
to generate the bytecode,MultiAccount.addAccount()
won't be able to deploy partyA accounts on zksync chain.Internal pre-conditions
No response
External pre-conditions
No response
Attack Path
No response
Impact
MultiAccount.addAccount()
won't be able to deploy partyA accounts on zksync chain due to how create2 is usedPoC
No response
Mitigation
Use
type(myContract).creationCode
to generate the bytecode for the create2, that way compiler is aware of the bytecode beforehand