CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45056 – `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc
https://notcve.org/view.php?id=CVE-2024-45056
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `(xor (shl 1, x), -1)` to `(rotl ~1, x)` if run with optimizations enabled. Here `~1` is generated as an unsigned 64 bits number (`2^64-1`). This number is zero-extended to 256 bits on EraVM target while it should have been sign-extended. Thus instead of producing `roti 2^256 - 1, x` the compiler produces `rotl 2^64 - 1, x`. • https://github.com/llvm/llvm-project/commit/e48237df95b49a36b8ffceb78c8a58f4be1b4344 https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-fpx7-8vc6-frjj • CWE-682: Incorrect Calculation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43366 – zkvyper ignored loop range bounds
https://notcve.org/view.php?id=CVE-2024-43366
zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompletness restrictions, it is compiled to a loop with a much more late exit condition. It leads to a loss of funds or other unwanted behavior if the loop body contains it. However, more real-life use cases like iterating over an array are not affected. No contracts were affected by this issue, which was fixed in version 1.5.3. • https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-8j77-7rrv-6pxx • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38533 – ZKsync Era invalid stack addressing conversion
https://notcve.org/view.php?id=CVE-2024-38533
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. There is possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. This issue has been patched in version 1.5.0. ZKsync Era es un paquete acumulativo de capa 2 que utiliza pruebas de conocimiento cero para escalar Ethereum. Es posible que el acceso a la pila no sea válido debido a que las direcciones utilizadas para acceder a la pila no se convierten correctamente en celdas. • https://github.com/matter-labs/era-compiler-vyper/security/advisories/GHSA-q7pg-6jh9-87gv • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35229 – ZKsync Era evaluation order of Yul function arguments
https://notcve.org/view.php?id=CVE-2024-35229
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern `f(a(),b()); check_if_a_executed_last()` in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a workaround, update and redeploy affected contracts. ZKsync Era es un paquete acumulativo de capa 2 que utiliza pruebas de conocimiento cero para escalar Ethereum. • https://github.com/matter-labs/era-compiler-solidity/commit/46ce047b51576495779b9f67534207d8154eab79 https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-jf9w-7f5g-j95p • CWE-696: Incorrect Behavior Order •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34704 – era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization
https://notcve.org/view.php?id=CVE-2024-34704
era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the `DAGCombine` phase while visiting the XOR operation. The issue arises when attempting to fold the expression `!(x cc y)` into `(x !cc y)`. • https://github.com/matter-labs/era-compiler-solidity/security/advisories/GHSA-22pj-7cvw-r3gc • CWE-682: Incorrect Calculation •