Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization
Vulnerability Description
era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the `DAGCombine` phase while visiting the XOR operation. The issue arises when attempting to fold the expression `!(x cc y)` into `(x !cc y)`. To perform this transformation, the second operand of XOR should be a constant representing the true value. However, it was incorrectly assumed that -1 represents the true value, when in fact, 1 is the correct representation, so this transformation for this case should be skipped. This vulnerability is fixed in 1.4.1.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
数值计算不正确
Vulnerability Title
ZKsync Era 安全漏洞
Vulnerability Description
ZKsync Era是Matter Labs开源的一个编译器。 ZKsync Era 1.4.1之前版本存在安全漏洞,该漏洞源于转换错误。
CVSS Information
N/A
Vulnerability Type
N/A