ChainLight, a blockchain security audit firm, uncovered a vulnerability in the zkSync Era protocol, possibly exposing $1.9 billion to risk.
ChainLight, a blockchain security audit firm, uncovered a vulnerability in the zkSync Era protocol, possibly exposing $1.9 billion to risk.
The flaw was discovered in zkSync Era's zk-circuits, which are supposed to validate transaction data while maintaining anonymity. Exploiting the flaw might have enabled a bad actor to modify transactions within a block, tricking layer-1 smart contracts into accepting them as correct.
However, the various protection layers in place made implementing the hack extremely difficult, necessitating extensive access to Matter Labs, the developers behind zkSync Era, infrastructure.
Matter Labs swiftly addressed and resolved the issue after receiving the report. ChainLight was given 50,000 USDC for their finding, and Matter Labs pledged to continue working with security-focused organizations.
Let us know what you loved about this article, what could be improved, or share any other feedback by filling out this short form.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators.
This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice.
The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
