CVE-2024-35229

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35229
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35229.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35229
Related
  • GHSA-jf9w-7f5g-j95p
Published
2024-05-27T17:15:09Z
Modified
2025-01-14T19:46:52Z
Summary
[none]
Details

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, a very specific pattern in Yul, f(a(),b()); check_if_a_executed_last(), exposes a bug in the evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a workaround, update and redeploy affected contracts.

References

Affected packages

Git / github.com/matter-labs/era-compiler-solidity

Affected ranges

Type
GIT
Repo
https://github.com/matter-labs/era-compiler-solidity
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed