CVE-2024-35229
CVSS V2 None
CVSS V3 None
Description
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern `f(a(),b()); check_if_a_executed_last()` in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a workaround, update and redeploy affected contracts.
Overview
- CVE ID
- CVE-2024-35229
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-05-27T16:20:27.432Z
- Last Modified Date
- 2024-05-27T16:20:27.432Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-jf9w-7f5g-j95p | x_refsource_CONFIRM |
| https://github.com/matter-labs/era-compiler-solidity/commit/46ce047b51576495779b9f67534207d8154eab79 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-35229 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35229 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 13:55:30 | Added to TrackCVE |