Key Points:
- ChainLight uncovered a vulnerability in the zkSync Era network that could have led to a loss of nearly $2 billion.
- The multi-layered security architecture of zkSync Era was designed to counter such threats.
- For identifying and reporting the bug, ChainLight’s team was rewarded with a $50,000 USDC bounty.
A $2 Billion Rescue
A recent discovery by the security auditing firm ChainLight revealed a vulnerability in zkSync Era that could have resulted in significant financial losses for the network.
Indeed, ChainLight identified a security flaw within the zkSync Era network, which could have allowed a malicious actor to manipulate transactions within a block, and therefore access the funds of affected users. In total, this vulnerability could have resulted in the withdrawal of 100,000 ether, equivalent to $1.9 billion.
Fortunately, the multi-layered security architecture of zkSync Era prevented the hacker from successfully executing the attack. Moreover, only an individual with high-level authorization and an in-depth knowledge of the internal infrastructure could have attempted such a large-scale attack, according to Anton Astafiev, Head of Security at Matter Labs.
zkSync Era Shows Responsiveness
The Matter Labs team behind zkSync Era took ChainLight’s discovery seriously and acted promptly. As a result, the vulnerability was fixed before it could be fully exploited by the malicious actor.
This responsiveness highlights the importance of continuous collaboration between developers and security firms in maintaining the integrity of decentralized financial systems.
$50,000 Reward for ChainLight
Although ChainLight’s discovery was not covered by existing bug bounty programs, the potential impact of the vulnerability led to a $50,000 USDC reward for the team.
Overall, the zkSync Era incident serves as a testament to the importance of robust security in emerging on-chain networks.