Blockchain security audit firm ChainLight identified a vulnerability in the zkSync Era protocol that, if exploited, could have led to a potential loss of $1.9 billion.
The bug was found in zkSync Era’s zk-circuits. These circuits are designed to validate the correctness of transaction data without exposing sensitive details about the counterparties involved.
A blog post from ChainLight detailed that the bug could have allowed a malicious actor to manipulate transactions within a block and still have them verified as accurate. This would have led to layer-1 smart contracts accepting these proofs, unaware of the manipulated transaction values they contained.
Had the attack been…
Read more on Blockworks