369 matches found
CVE-2024-45056
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...
CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...
CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...
CVE-2024-45056
The CVE-2024-45056 entry describes a misoptimization in zksolc (Matter Labs’ Solidity compiler for ZKsync) where LLVM optimization folds (xor (shl 1, x), -1) into (rotl ~1, x). Here ~1 is generated as unsigned 64-bit (2^64-1) and is zero-extended to 256 bits on EraVM, when it should have been sig...
CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold xor shl 1, x, -1 to rotl 1, x if run with optimizations enabled. Here 1 is generated as an unsigned 64 bits number 2^64-1. This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended...
SherlockChain - A Streamlined AI Analysis Framework For Solidity, Vyper And Plutus Contracts
SherlockChain is a powerful smart contract analysis framework that combines the capabilities of the renowned Slither tool with advanced AI-powered features. Developed by a team of security experts and AI researchers, SherlockChain offers unparalleled insights and vulnerability detection for...
CVE-2024-34704
era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !x cc y into x !cc y. To perform this transformation, the second operand o...
CVE-2024-34704 era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization
era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !x cc y into x !cc y. To perform this transformation, the second operand o...
CVE-2024-34704 era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization
era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !x cc y into x !cc y. To perform this transformation, the second operand o...
CVE-2024-34704
Summary: CVE-2024-34704 affects era-compiler-solidity (ZKsync Solidity compiler). On instruction selection in the DAGCombine phase, folding the expression !(x cc y) into (x cc y) incorrectly assumed the second XOR operand representing the true value was -1, whereas the true value is 1. This misop...
CVE-2024-34704 era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization
era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !x cc y into x !cc y. To perform this transformation, the second operand o...
PT-2024-26119 · Unknown · Era-Compiler-Solidity
Name of the Vulnerable Software and Affected Versions: era-compiler-solidity versions prior to 1.4.1 Description: The issue occurs during the DAGCombine phase while visiting the XOR operation, specifically when attempting to fold the expression !x cc y into x !cc y. This transformation should be...
Loss of precission when calculating the accumulated CANTO per share
Lines of code Vulnerability details Impact When calculating the amount of CANTO per share in updatemarket, dividing by 1e18 in cantoReward and multiplying by the same value in accCantoPerShare rounds down the final value, making the amount of rewards users will receive be less than expected. Proo...
use of 0.8.20
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. This is because solidity 0.8.20 introduces the PUSH0 0x5f opcode which is only supported on the ETH mainnet and not on any other chains. That's why other chains can't find the PUSH0 0x5f opcode and thro...
Unsafe use of approve() with IERC20
Lines of code 321, 215, 184, 450, 761, 217, 157, 234, 339, 386https://github.com/Tapioca-DAO/t...
_determineTransferAmount does't support low decimal tokens.
Lines of code Vulnerability details Impact determineTransferAmount does't support low decimal tokens. Transfer amount will be force set to incorrect amount. Proof of Concept In process of erc20Wrap,in order to support different decimal tokens, the contract use determineTransferAmount to get...
Unrestricted Unwrap Fee Changes: Instability, Market Disruption, and Loss of Trust
Lines of code Vulnerability details Impact The current changeUnwrapFee function in the Ocean smart contract allows the owner to change the unwrap fee divisor with no restrictions, leading to several negative impacts: 1. Unstable Unwrap Fees: Frequent changes in the divisor can cause instability a...
Ethereum ABI decoder DoS when parsing ZST
With this notification I would like to inform about a DoS vector in the Ethereum ABI decoder. We have not yet found a way to exploit this with high impact, still the bug could potentially lead to a DoS in server systems. Feel free to ask about an extension of the embargo period. Trail of Bits is...
GHSA-RQR8-PXH7-CQ3G Ethereum ABI decoder DoS when parsing ZST
With this notification I would like to inform about a DoS vector in the Ethereum ABI decoder. We have not yet found a way to exploit this with high impact, still the bug could potentially lead to a DoS in server systems. Feel free to ask about an extension of the embargo period. Trail of Bits is...
There is potential underflow and overflow issues in arithmetic operations in the _getRewardsSinceLastClaim function
Lines of code Vulnerability details Impact There are potential underflow and overflow issues in arithmetic operations. Not being able to verify that subtracting lastClaimedValue from shareDataid.shareHolderRewardsPerTokenScaled would result in a negative value. This could lead to affecting the...