Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CallbackLib#validateCallback() - address computation will not work on zkSync #17

Closed
c4-submissions opened this issue Nov 28, 2023 · 2 comments
Closed

CallbackLib#validateCallback() - address computation will not work on zkSync #17

c4-submissions opened this issue Nov 28, 2023 · 2 comments
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-182 grade-b QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax

Comments

@c4-submissions
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2023-11-panoptic/blob/2647928c33be4a58883110befd7fd065448478ef/contracts/libraries/CallbackLib.sol#L28-L51

Vulnerability details

Impact

The SFPM contract has several callback functions in place when dealing with UniswapV3 callbacks.
It uses the CallbackLib to verify that the message sender came from a real Uniswap pool. The address calculated by that library would be wrong on zkSync due to it having a different address deviation.

Proof of Concept

On ZkSync Era the create2 addresses are not computed the same way see here: https://era.zksync.io/docs/reference/architecture/differences-with-ethereum.html#create-create2
Thus the protocol becomes unusable in the context of ZK.

Impact is high due to the contract being completely unavailable on an EVM-compatible chain thus going against the repo README.
Likelihood is Med/Low, since ZK integrations are always tricky and this would probably be noticed.
Thus, medium severity.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider past solutions to the given problem:
https://solodit.xyz/issues/m-6-computepooladdress-will-not-work-on-zksync-era-sherlock-real-wagmi-2-git
sherlock-audit/2023-10-real-wagmi-judging#85
TL;DR - refactor the function or use a uniswap specific function for address retrieval

Assessed type

Context
@c4-submissions c4-submissions added 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working labels Nov 28, 2023
c4-submissions added a commit that referenced this issue Nov 28, 2023
@c4-submissions
ptsanev issue #17
2ce7bfe
@c4-judge
Copy link
Contributor

Picodes marked the issue as duplicate of #182

@c4-judge c4-judge added duplicate-182 downgraded by judge Judge downgraded the risk level of this issue and removed 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value labels Dec 14, 2023
@c4-judge
Copy link
Contributor

Picodes changed the severity to QA (Quality Assurance)

@c4-judge c4-judge added the QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax label Dec 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-182 grade-b QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@c4-judge @C4-Staff @c4-submissions