Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZKsync Era evaluation order of Yul function arguments
Vulnerability Description
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern `f(a(),b()); check_if_a_executed_last()` in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a workaround, update and redeploy affected contracts.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
不正确的行为次序
Vulnerability Title
ZKsync Era 安全漏洞
Vulnerability Description
ZKsync Era是Matter Labs开源的一个编译器。 ZKsync Era 1.3.10之前版本存在安全漏洞,该漏洞源于check_if_a_execulated_last()暴露了Yul函数参数求值顺序的一个错误。
CVSS Information
N/A
Vulnerability Type
N/A