11 matches found
UBUNTU-CVE-2024-45056
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...
CVE-2024-45056
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...
CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...
CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...
ZKsync Era 安全漏洞
ZKsync Era is an open source compiler from Matter Labs. A security vulnerability exists in versions of ZKsync Era prior to 1.5.3, which stems from LLVM mishandling of specific instructions during optimization, resulting in a numeric expansion error that affects contract execution on EraVM...
CVE-2023-46232
era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...
Code injection
era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...
CVE-2023-46232 era-compiler-vyper First Immutable Variable Initialization vulnerability
era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...
CVE-2023-46232
The CVE concerns era-compiler-vyper (EraVM Vyper compiler for zkSync Era). Before 1.3.10, a bug in initialization of the first immutable variable for Vyper contracts could occur when a String or Array allocates more 256‑bit words than are initialized; the second word’s index could be left unset (...
CVE-2023-46232 era-compiler-vyper First Immutable Variable Initialization vulnerability
era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The proble...
PT-2023-29916 · Unknown · Era-Compiler-Vyper
Name of the Vulnerable Software and Affected Versions: era-compiler-vyper versions prior to 1.3.10 Description: The issue arises in the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. A bug prevented the initialization of the first immutabl...