CVE-2024-45056 – `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc
https://notcve.org/view.php?id=CVE-2024-45056
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended. Thus instead of producing `roti 2^256 - 1, x` the compiler produces `rotl 2^64 - 1, x`. • https://github.com/llvm/llvm-project/commit/e48237df95b49a36b8ffceb78c8a58f4be1b4344 https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-fpx7-8vc6-frjj • CWE-682: Incorrect Calculation •
CVE-2024-35229 – ZKsync Era evaluation order of Yul function arguments
https://notcve.org/view.php?id=CVE-2024-35229
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern `f(a(),b()); check_if_a_executed_last()` in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a workaround, update and redeploy affected contracts. ZKsync Era es un paquete acumulativo de capa 2 que utiliza pruebas de conocimiento cero para escalar Ethereum. • https://github.com/matter-labs/era-compiler-solidity/commit/46ce047b51576495779b9f67534207d8154eab79 https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-jf9w-7f5g-j95p • CWE-696: Incorrect Behavior Order •
CVE-2024-34704 – era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization
https://notcve.org/view.php?id=CVE-2024-34704
era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the `DAGCombine` phase while visiting the XOR operation. The issue arises when attempting to fold the expression `!(x cc y)` into `(x !cc y)`. • https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-22pj-7cvw-r3gc • CWE-682: Incorrect Calculation •