CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45056 – `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc
https://notcve.org/view.php?id=CVE-2024-45056
29 Aug 2024 — zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended. Thus instead of producing `roti 2^256 - 1, x` the compiler produces `rotl 2^64 - 1, x`. • https://github.com/llvm/llvm-project/commit/e48237df95b49a36b8ffceb78c8a58f4be1b4344 • CWE-682: Incorrect Calculation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35229 – ZKsync Era evaluation order of Yul function arguments
https://notcve.org/view.php?id=CVE-2024-35229
27 May 2024 — ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern `f(a(),b()); check_if_a_executed_last()` in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a workaround, update and redeploy affected contracts. ZKsync Era es un paquete acumulativo de capa 2 que utiliza pruebas de conocimiento cero para escalar Ethereum. • https://github.com/matter-labs/era-compiler-solidity/commit/46ce047b51576495779b9f67534207d8154eab79 • CWE-696: Incorrect Behavior Order •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34704 – era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization
https://notcve.org/view.php?id=CVE-2024-34704
13 May 2024 — era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the `DAGCombine` phase while visiting the XOR operation. The issue arises when attempting to fold the expression `!(x cc y)` into `(x !cc y)`. • https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-22pj-7cvw-r3gc • CWE-682: Incorrect Calculation •