On November 3rd, security company ChainLight disclosed that its researchers discovered a soundness bug in the ZK circuit of the zkSync Era mainnet on September 15th, and reported it on the 19th. The bug could potentially drain all tokens passed through cross-chain bridges, allowing malicious provers to generate proofs for invalidly executed blocks, which would be accepted by the verifier smart contracts on L1. Matter Labs has deployed a fix for the issue and awarded ChainLight 50,000 USDC as a reward.
All Comments