CVE-2024-34704
CVSS V2 None
CVSS V3 None
Description
era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the `DAGCombine` phase while visiting the XOR operation. The issue arises when attempting to fold the expression `!(x cc y)` into `(x !cc y)`. To perform this transformation, the second operand of XOR should be a constant representing the true value. However, it was incorrectly assumed that -1 represents the true value, when in fact, 1 is the correct representation, so this transformation for this case should be skipped. This vulnerability is fixed in 1.4.1.
Overview
- CVE ID
- CVE-2024-34704
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-05-13T19:13:27.510Z
- Last Modified Date
- 2024-06-04T17:42:30.012Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-22pj-7cvw-r3gc | x_refsource_CONFIRM |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-34704 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34704 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 14:15:37 | Added to TrackCVE |