• bitcoinBitcoin (BTC) $ 97,229.00
  • ethereumEthereum (ETH) $ 3,391.83
  • tetherTether (USDT) $ 1.00
  • xrpXRP (XRP) $ 2.24
  • bnbBNB (BNB) $ 663.51
  • solanaSolana (SOL) $ 185.17
  • dogecoinDogecoin (DOGE) $ 0.321665
  • usd-coinUSDC (USDC) $ 0.999972
  • staked-etherLido Staked Ether (STETH) $ 3,386.52
  • cardanoCardano (ADA) $ 0.915789
  • tronTRON (TRX) $ 0.245144
  • avalanche-2Avalanche (AVAX) $ 38.67
  • chainlinkChainlink (LINK) $ 22.76
  • wrapped-stethWrapped stETH (WSTETH) $ 4,025.87
  • the-open-networkToncoin (TON) $ 5.31
  • suiSui (SUI) $ 4.63
  • wrapped-bitcoinWrapped Bitcoin (WBTC) $ 96,963.00
  • shiba-inuShiba Inu (SHIB) $ 0.000022
  • hyperliquidHyperliquid (HYPE) $ 32.90
  • stellarStellar (XLM) $ 0.359276
  • polkadotPolkadot (DOT) $ 7.09
  • hedera-hashgraphHedera (HBAR) $ 0.254781
  • wethWETH (WETH) $ 3,392.99
  • bitcoin-cashBitcoin Cash (BCH) $ 449.12
  • leo-tokenLEO Token (LEO) $ 9.31
  • uniswapUniswap (UNI) $ 13.43
  • litecoinLitecoin (LTC) $ 100.34
  • pepePepe (PEPE) $ 0.000018
  • wrapped-eethWrapped eETH (WEETH) $ 3,587.42
  • nearNEAR Protocol (NEAR) $ 5.12
  • bitget-tokenBitget Token (BGB) $ 4.27
  • ethena-usdeEthena USDe (USDE) $ 0.999279
  • aptosAptos (APT) $ 9.89
  • usdsUSDS (USDS) $ 0.999951
  • internet-computerInternet Computer (ICP) $ 10.43
  • aaveAave (AAVE) $ 308.23
  • crypto-com-chainCronos (CRO) $ 0.161885
  • polygon-ecosystem-tokenPOL (ex-MATIC) (POL) $ 0.482400
  • mantleMantle (MNT) $ 1.19
  • ethereum-classicEthereum Classic (ETC) $ 26.29
  • render-tokenRender (RENDER) $ 7.29
  • vechainVeChain (VET) $ 0.046289
  • mantra-daoMANTRA (OM) $ 3.83
  • moneroMonero (XMR) $ 191.68
  • whitebitWhiteBIT Coin (WBT) $ 24.49
  • bittensorBittensor (TAO) $ 469.25
  • daiDai (DAI) $ 0.999803
  • fetch-aiArtificial Superintelligence Alliance (FET) $ 1.31
  • ethenaEthena (ENA) $ 1.10
  • arbitrumArbitrum (ARB) $ 0.768465
  • kaspaKaspa (KAS) $ 0.121167
  • filecoinFilecoin (FIL) $ 5.02
  • fantomFantom (FTM) $ 1.03
  • algorandAlgorand (ALGO) $ 0.334861
  • okbOKB (OKB) $ 44.73
  • virtual-protocolVirtuals Protocol (VIRTUAL) $ 2.66
  • cosmosCosmos Hub (ATOM) $ 6.68
  • blockstackStacks (STX) $ 1.71
  • ondo-financeOndo (ONDO) $ 1.73
  • optimismOptimism (OP) $ 1.81
  • immutable-xImmutable (IMX) $ 1.40
  • bonkBonk (BONK) $ 0.000031
  • celestiaCelestia (TIA) $ 5.10
  • movementMovement (MOVE) $ 0.984342
  • theta-tokenTheta Network (THETA) $ 2.17
  • injective-protocolInjective (INJ) $ 21.27
  • binance-peg-wethBinance-Peg WETH (WETH) $ 3,372.76
  • the-graphThe Graph (GRT) $ 0.212294
  • coinbase-wrapped-btcCoinbase Wrapped BTC (CBBTC) $ 97,482.00
  • dogwifcoindogwifhat (WIF) $ 1.99
  • pudgy-penguinsPudgy Penguins (PENGU) $ 0.029689
  • sei-networkSei (SEI) $ 0.434307
  • worldcoin-wldWorldcoin (WLD) $ 2.24
  • thorchainTHORChain (RUNE) $ 5.13
  • kelp-dao-restaked-ethKelp DAO Restaked ETH (RSETH) $ 3,499.76
  • first-digital-usdFirst Digital USD (FDUSD) $ 1.00
  • rocket-pool-ethRocket Pool ETH (RETH) $ 3,798.15
  • flokiFLOKI (FLOKI) $ 0.000171
  • gatechain-tokenGate (GT) $ 13.06
  • jasmycoinJasmyCoin (JASMY) $ 0.033885
  • mantle-staked-etherMantle Staked Ether (METH) $ 3,573.82
  • lido-daoLido DAO (LDO) $ 1.74
  • tokenize-xchangeTokenize Xchange (TKX) $ 18.91
  • galaGALA (GALA) $ 0.036151
  • flare-networksFlare (FLR) $ 0.027646
  • lombard-staked-btcLombard Staked BTC (LBTC) $ 97,180.00
  • makerMaker (MKR) $ 1,647.58
  • beam-2Beam (BEAM) $ 0.027546
  • fasttokenFasttoken (FTN) $ 3.33
  • usual-usdUsual USD (USD0) $ 1.00
  • the-sandboxThe Sandbox (SAND) $ 0.571688
  • pyth-networkPyth Network (PYTH) $ 0.372193
  • kucoin-sharesKuCoin (KCS) $ 11.28
  • nexoNEXO (NEXO) $ 1.35
  • kaiaKaia (KAIA) $ 0.224511
  • tezosTezos (XTZ) $ 1.29
  • based-brettBrett (BRETT) $ 0.131061
  • solv-btcSolv Protocol SolvBTC (SOLVBTC) $ 96,851.00
  • raydiumRaydium (RAY) $ 4.42
  • renzo-restaked-ethRenzo Restaked ETH (EZETH) $ 3,495.77
  • eosEOS (EOS) $ 0.812419
  • heliumHelium (HNT) $ 6.86
  • binance-staked-solBinance Staked SOL (BNSOL) $ 190.19
  • ethereum-name-serviceEthereum Name Service (ENS) $ 35.37
  • aerodrome-financeAerodrome Finance (AERO) $ 1.61
  • jupiter-exchange-solanaJupiter (JUP) $ 0.844391
  • xdce-crowd-saleXDC Network (XDC) $ 0.075887
  • flowFlow (FLOW) $ 0.714759
  • starknetStarknet (STRK) $ 0.486524
  • arweaveArweave (AR) $ 16.51
  • bitcoin-svBitcoin SV (BSV) $ 53.79
  • iotaIOTA (IOTA) $ 0.296889
  • dydx-chaindYdX (DYDX) $ 1.49
  • aioz-networkAIOZ Network (AIOZ) $ 0.924581
  • bittorrentBitTorrent (BTT) $ 0.000001
  • msolMarinade Staked SOL (MSOL) $ 231.83
  • curve-dao-tokenCurve DAO (CRV) $ 0.815612
  • coredaoorgCore (CORE) $ 1.10
  • neoNEO (NEO) $ 14.20
  • axie-infinityAxie Infinity (AXS) $ 6.28
  • elrond-erd-2MultiversX (EGLD) $ 34.86
  • matic-networkPolygon (MATIC) $ 0.483755
  • decentralandDecentraland (MANA) $ 0.482241
  • solv-protocol-solvbtc-bbnSolv Protocol SolvBTC.BBN (SOLVBTC.BB) $ 96,204.00
  • arbitrum-bridged-wbtc-arbitrum-oneArbitrum Bridged WBTC (Arbitrum One) (WBTC) $ 96,732.00
  • ether-fi-staked-ethether.fi Staked ETH (EETH) $ 3,381.27
  • pendlePendle (PENDLE) $ 5.16
  • zcashZcash (ZEC) $ 53.15
  • apecoinApeCoin (APE) $ 1.16
  • eigenlayerEigenlayer (EIGEN) $ 3.87
  • jito-governance-tokenJito (JTO) $ 2.99
  • fartcoinFartcoin (FARTCOIN) $ 0.821446
  • mog-coinMog Coin (MOG) $ 0.000002
  • akash-networkAkash Network (AKT) $ 3.23
  • chilizChiliz (CHZ) $ 0.086139
  • l2-standard-bridged-weth-baseL2 Standard Bridged WETH (Base) (WETH) $ 3,394.54
  • ai16zai16z (AI16Z) $ 0.703108
  • conflux-tokenConflux (CFX) $ 0.160830
  • wormholeWormhole (W) $ 0.271027
  • usddUSDD (USDD) $ 0.997171
  • popcatPopcat (POPCAT) $ 0.757975
  • mina-protocolMina Protocol (MINA) $ 0.615552
  • jupiter-staked-solJupiter Staked SOL (JUPSOL) $ 198.88
  • spx6900SPX6900 (SPX) $ 0.780505
  • compound-governance-tokenCompound (COMP) $ 81.59
  • arbitrum-bridged-weth-arbitrum-oneArbitrum Bridged WETH (Arbitrum One) (WETH) $ 3,395.38
  • roninRonin (RON) $ 1.92
  • superfarmSuperVerse (SUPER) $ 1.56
  • pancakeswap-tokenPancakeSwap (CAKE) $ 2.38
  • ecasheCash (XEC) $ 0.000035
  • havvenSynthetix Network (SNX) $ 2.04
  • gnosisGnosis (GNO) $ 264.20
  • chiaChia (XCH) $ 21.14
  • dog-go-to-the-moon-runeDOG•GO•TO•THE•MOON (Runes) (DOG) $ 0.006729
  • ether-fi-staked-btcEther.fi Staked BTC (EBTC) $ 96,433.00
  • amp-tokenAmp (AMP) $ 0.007887
  • zksyncZKsync (ZK) $ 0.179537
  • dydxdYdX (ETHDYDX) $ 1.48
  • binance-peg-dogecoinBinance-Peg Dogecoin (DOGE) $ 0.320670
  • axelarAxelar (AXL) $ 0.751247
  • notcoinNotcoin (NOT) $ 0.006414
  • fraxFrax (FRAX) $ 0.998000
  • tether-goldTether Gold (XAUT) $ 2,630.50
  • chex-tokenCHEX Token (CHEX) $ 0.655716
  • peanut-the-squirrelPeanut the Squirrel (PNUT) $ 0.642470
  • layerzeroLayerZero (ZRO) $ 5.72
  • mantle-restaked-ethMantle Restaked ETH (CMETH) $ 3,567.46
  • terra-lunaTerra Luna Classic (LUNC) $ 0.000113
  • reserve-rights-tokenReserve Rights (RSR) $ 0.011360
  • usualUsual (USUAL) $ 1.28
  • grassGrass (GRASS) $ 2.47
  • baby-doge-coinBaby Doge Coin (BABYDOGE) $ 0.00000000
  • coinbase-wrapped-staked-ethCoinbase Wrapped Staked ETH (CBETH) $ 3,682.02
  • turboTurbo (TURBO) $ 0.008341
  • vanaVana (VANA) $ 18.26
  • super-oethSuper OETH (SUPEROETHB) $ 3,404.74
  • safeSafe (SAFE) $ 1.09
  • cat-in-a-dogs-worldcat in a dogs world (MEW) $ 0.006258
  • echelon-primeEchelon Prime (PRIME) $ 10.93
  • ordinalsORDI (ORDI) $ 26.47
  • oasis-networkOasis (ROSE) $ 0.082695
  • blurBlur (BLUR) $ 0.265056
  • 1inch1inch (1INCH) $ 0.391434
  • trust-wallet-tokenTrust Wallet (TWT) $ 1.29
  • beldexBeldex (BDX) $ 0.077653
  • susdssUSDS (SUSDS) $ 1.03
  • paypal-usdPayPal USD (PYUSD) $ 1.00
  • bitcoin-avalanche-bridged-btc-bAvalanche Bridged BTC (Avalanche) (BTC.B) $ 97,082.00
  • pax-goldPAX Gold (PAXG) $ 2,632.45
  • creditcoin-2Creditcoin (CTC) $ 1.27
  • dexeDeXe (DEXE) $ 9.14
  • pumpbtcpumpBTC (PUMPBTC) $ 96,866.00
  • apenftAPENFT (NFT) $ 0.00000052
  • livepeerLivepeer (LPT) $ 13.91
  • frax-etherFrax Ether (FRXETH) $ 3,399.16
  • goatseus-maximusGoatseus Maximus (GOAT) $ 0.505912
  • gigachad-2Gigachad (GIGA) $ 0.052147
  • arkhamArkham (ARKM) $ 1.49
  • true-usdTrueUSD (TUSD) $ 1.00
  • kusamaKusama (KSM) $ 31.06
Bitcoin

ChainLight saved zkSync Era from $1.9B exploit

By admin
0 222

ChainLight saved zkSync Era from $1.9B exploit

  blockworks.co 6 m

ChainLight saved zkSync Era from $1.9B exploit

Blockchain security audit firm ChainLight identified a vulnerability in the zkSync Era protocol that, if exploited, could have led to a potential loss of $1.9 billion.

The bug was found in zkSync Era’s zk-circuits. These circuits are designed to validate the correctness of transaction data without exposing sensitive details about the counterparties involved.

A blog post from ChainLight detailed that the bug could have allowed a malicious actor to manipulate transactions within a block and still have them verified as accurate. This would have led to layer-1 smart contracts accepting these proofs, unaware of the manipulated transaction values they contained.

Had the attack been successful, the malicious prover could have drained 100,000 ether (ETH), worth an estimated $1.9 billion at the time of disclosure.

Despite this, zkSync Era had many security layers in place. These would have made it difficult for anyone to actually execute the exploit unless they were part of Matter Labs, the infrastructure team behind zkSync Era.

Anton Astafiev, head of security at Matter Labs, told Blockworks that exploiting this bug would have required the highest level of security privilege across its infrastructure.

An attacker would have needed to either access the protocol’s backend in order to directly inject the malicious code, or gain access to its validator private key used for signing blocks. They would also have had to endure a mandatory 21-hour waiting period before extracting any funds due to an execution delay.

“What’s more, the bug found is related to our old prover and not the current Boojum, meaning the code will soon enough be completely obsolete and retired,” Astafiev said.

After being made aware of the critical bug, ChainLight noted in an X post that the Matter Labs team had quickly reacted to the report, and fixed the issue.

The ChainLight team was awarded 50,000 in USDC for discovering the bug.

“This bug in particular was not formally part of the existing bug bounty programs or public contest. When we receive out-of-scope findings, we always assess them based on real-world impact to determine their importance and the corresponding reward,” Astafiev said.

Astafiev noted that the Matter Labs team is looking forward to continued collaboration with ChainLight and other security-focused organizations.

“These types of findings are healthy reminders of why multi-layer defense architectures like the ones Matter Labs implemented for zkSync are so critically important; no single layer of protection is ever perfectly secure, which is why there can be no single point of failure,” he said.

Source

admin 8600 posts 0 comments
You might also like More from author

Leave A Reply

Your email address will not be published.