CVE-2024-35229
📋 TL;DR
This vulnerability in ZKsync Era's Yul compiler involves incorrect evaluation order of function arguments in specific patterns like f(a(),b()); check_if_a_executed_last(). This could allow smart contracts to execute in unexpected ways, potentially leading to logic errors or security issues. Affected users are those running ZKsync Era smart contracts compiled with vulnerable versions.
💻 Affected Systems
- ZKsync Era compiler for Solidity
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Smart contracts could execute with incorrect state or logic, potentially allowing unauthorized state changes, fund manipulation, or contract logic bypass in deployed applications.
Likely Case
Smart contracts may exhibit unexpected behavior or logic errors when using the specific vulnerable Yul pattern, potentially causing application failures or incorrect calculations.
If Mitigated
With proper controls and monitoring, impact is limited to specific contract patterns, allowing for detection and remediation before significant damage occurs.
🎯 Exploit Status
Exploitation requires specific vulnerable Yul patterns in smart contracts and understanding of contract logic to trigger malicious behavior.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.10
Vendor Advisory: https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-jf9w-7f5g-j95p
Restart Required: No
Instructions:
1. Update the ZKsync Era compiler to version 1.3.10 or later.
2. Recompile all affected smart contracts with the updated compiler.
3. Redeploy the recompiled contracts to replace the vulnerable versions.
🔧 Temporary Workarounds
Update and Redeploy
Update the compiler and redeploy affected contracts as a temporary measure:
npm update @matterlabs/hardhat-zksync-solc
npx hardhat compile --force
npx hardhat deploy-zksync
🧯 If You Can't Patch
- Audit all smart contracts for the vulnerable Yul pattern f(a(),b()); check_if_a_executed_last() and manually fix affected code sections.
- Implement enhanced monitoring and alerting for unexpected contract behavior or state changes in production systems.
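The pattern the advisory names, f(a(),b()); check_if_a_executed_last(), only matters when a() and b() have side effects and the surrounding logic assumes a particular evaluation order. The contract below is an added illustration, not code from the advisory or from the ZKsync Era compiler project: `orderDependent` shows the fragile shape an audit should look for, and `orderExplicit` shows the rewrite that removes the dependency by hoisting each side-effecting call into its own `let`, so statement order (which every Yul compiler honours) fixes the sequence instead of argument-evaluation order. The state variable, the helper names and the stored marker values are constructed for the example; the code does not assume which evaluation order the vulnerable compiler produced, only that it may differ from the one the logic expects.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (not from the advisory): why contract logic must not depend
/// on the order in which a Yul compiler evaluates the arguments of f(a(), b()).
contract ArgumentOrder {
    /// Constructed marker: records which argument helper executed last.
    /// 1 = a() ran last, 2 = b() ran last.
    uint256 public lastRan;

    /// Fragile form. `lastRan` after this call depends entirely on whether the
    /// compiler evaluates a() before b() or b() before a(). A compiler with the
    /// evaluation-order defect silently changes the stored value, and any check
    /// written as "a must have executed last" becomes wrong without any change
    /// to the source.
    function orderDependent() external returns (uint256 r) {
        uint256 slot = _slot();
        assembly {
            function a(s) -> v { sstore(s, 1) v := 1 }
            function b(s) -> v { sstore(s, 2) v := 2 }
            function f(x, y) -> v { v := add(x, y) }
            r := f(a(slot), b(slot))
        }
    }

    /// Hardened form. Each side-effecting call is hoisted into its own `let`,
    /// so the order is fixed by statement order: b() first, then a(). Every
    /// conforming Yul compiler, vulnerable or fixed, leaves `lastRan == 1`
    /// after this call, and `r` is unchanged (3).
    function orderExplicit() external returns (uint256 r) {
        uint256 slot = _slot();
        assembly {
            function a(s) -> v { sstore(s, 1) v := 1 }
            function b(s) -> v { sstore(s, 2) v := 2 }
            function f(x, y) -> v { v := add(x, y) }
            let yb := b(slot)   // evaluated first, by statement order
            let xa := a(slot)   // evaluated second
            r := f(xa, yb)
        }
    }

    /// Storage slot of `lastRan`, passed into the Yul helpers explicitly so
    /// the helpers do not rely on identifiers from the enclosing scope.
    function _slot() internal pure returns (uint256 s) {
        assembly { s := lastRan.slot }
    }
}
```

When auditing for this issue, the question to ask of each `f(a(), b())` call site in Yul or inline assembly is whether either argument writes storage, memory or emits an event and whether any later code depends on which write happened last; if so, rewrite it in the hoisted form regardless of the compiler version in use, since that also makes the intent reviewable.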
🔍 How to Verify
Check if Vulnerable:
Check the compiler version in package.json or run: npx hardhat --version | grep zksolc. Note that hardhat --version reports Hardhat's own version; the zksolc version actually used for compilation is the one configured under zksolc.version in hardhat.config, so confirm that field as well.
Check Version:
npx hardhat --version | grep zksolc
Verify Fix Applied:
Verify compiler version is 1.3.10 or later and recompile contracts to ensure no vulnerable patterns remain.
📡 Detection & Monitoring
Log Indicators:
- Unexpected contract execution patterns
- Contract state changes that violate expected logic
- Compiler version logs showing pre-1.3.10 versions
Network Indicators:
- Unusual transaction patterns to affected contracts
- Contract calls that trigger the specific vulnerable Yul pattern
SIEM Query:
source="smart_contract_logs" AND (message="unexpected execution order" OR message="contract logic violation")
🔗 References
- https://github.com/matter-labs/era-compiler-solidity/commit/46ce047b51576495779b9f67534207d8154eab79
- https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-jf9w-7f5g-j95p