ChainLight, a blockchain security audit firm, discovered and reported a critical bug in the zkSync Era protocol that could have allowed an attacker to steal up to 100,000 ETH. Matter Labs fixed the bug, and the developers of zkSync Era and ChainLight were rewarded 50,000 USDC for their vigilance.
How ChainLight found the bug
The bug was hidden in the zk-circuits of zkSync Era, which are used to verify transactions on the layer-2 scaling solution without revealing sensitive information.
ChainLight realized that this bug could enable a malicious actor to alter the transaction details within a block while still passing the verification.
This could result in the layer-1 smart contracts on Ethereum accepting the falsified proofs without noticing the tampered transaction data.
If this bug had not been detected in time and exploited by an attacker, they could have potentially drained 100,000 ETH from the zkSync Era protocol, which was worth about $1.9 billion at the time of the disclosure.
The security measures that saved zkSync Era
However, exploiting this bug was not an easy task, as zkSync Era had multiple layers of security in place.
According to Anton Astafiev, the head of security at Matter Labs, an attacker would need to gain the highest level of access to the protocol’s backend or its validator private key, which is used to sign blocks.
Moreover, an attacker would have to wait for 21 hours before claiming any stolen funds due to a built-in execution delay. Astafiev also noted that the bug was related to the old prover of zkSync Era, which was soon to be replaced by the new Boojum prover.
As soon as ChainLight reported the bug, Matter Labs acted swiftly and fixed the issue. They also rewarded ChainLight with 50,000 USDC for their discovery.
Astafiev expressed his gratitude to ChainLight and his vision of collaborating with more security experts in the future.
He said,
“Such findings remind us of the importance of layered defense mechanisms, like the ones Matter Labs designed for zkSync. No security system is perfect, and we need to work together to make zkSync Era as secure as possible.”
The Role and Importance of zkSync Era in Scaling Ethereum
zkSync Era is a layer-2 protocol that scales Ethereum with zero-knowledge proofs. It aims to provide fast, cheap, and secure transactions on Ethereum without compromising its decentralization or security.
zkSync Era supports smart contracts written in Solidity or Vyper and is compatible with the Ethereum Virtual Machine. zkSync Era is developed by Matter Labs, a team of engineers passionate about liberty, blockchain, and math.
The Layer 2 protocol is one of the leading solutions to address the scalability challenges of Ethereum, which has been suffering from high gas fees and network congestion.
By moving most of the computation and data off-chain, zkSync Era can process thousands of transactions per second while still ensuring their validity on the main chain.
zkSync Era is used by over 150 projects, including Chainlink, Uniswap, SushiSwap, Aave, Argent, Gnosis, Curve, and many others.
