ChainLight saves zkSync Era from nearly $2 billion attack


Blockchain security audit company ChainLight has discovered a vulnerability in the zkSync Era protocol that, if exploited, could have led to a potential loss of $1.9 billion.

The bug was found in the ZK circuits of zkSync Era. These circuits are designed to verify the accuracy of transaction data without revealing sensitive details about the counterparty.

A ChainLight blog post details that the bug could allow malicious actors to manipulate transactions in blocks while still producing proofs that verify as correct.

As a result, the Layer 1 smart contract would accept these proofs while being unaware of the manipulated transaction values they contain.

If the attack were successful, a malicious attacker could drain 100,000 ether (ETH), valued at an estimated $1.9 billion at the time of disclosure.

Even so, zkSync Era still has multiple layers of security. These would make it difficult for anyone to actually exploit the bug unless they are part of Matter Labs, the infrastructure team behind zkSync Era.

Anton Astafiev, director of security at Matter Labs, told Blockworks that exploiting the vulnerability requires the highest level of security permissions on its infrastructure.

An attacker would need access to the backend of the protocol to directly inject malicious code, or access to the private keys of the validators used to sign blocks. Due to the execution delay, they would also have to endure a mandatory 21-hour waiting period before they could withdraw any funds.

Astafiev said:

“Additionally, the bugs found were related to our old proof set, not the current Boojum, which means the code will soon be completely outdated and no longer work.”

ChainLight noted in an X post that, after becoming aware of the critical bug, the Matter Labs team quickly responded to the report and fixed the issue.

The ChainLight team was awarded 50,000 USDC for finding the bug.

“This particular bug is not officially part of an existing bug bounty program or open competition. When we receive out-of-scope findings, we always evaluate them against real-world impact to determine their significance and appropriate award.”

Astafiev noted that the Matter Labs team looks forward to continued collaboration with ChainLight and other security-focused organizations.

“These types of findings are a good reminder why a multi-layered defense architecture like the one Matter Labs deployed for zkSync is critical; no layer of protection can be completely secure, which is why there cannot be a single point of failure.”
