Hedgar2017

**Name of the Vulnerable Software and Affected Versions** zksolc versions prior to 1.5.3 **Description** The issue arises from the compilation process of zksolc, a Solidity compiler for ZKsync, where all LLVM versions since 2015 incorrectly optimize the expression `(xor (shl 1, x), -1)` to `(rotl ~1, x)` when run with optimizations enabled. Here, `~1` is generated as an unsigned 64-bit number (`2^64-1`), which is then zero-extended to 256 bits on the EraVM target instead of being sign-extended. This results in the compiler producing `rotl 2^64 - 1, x` instead of the expected `roti 2^256 - 1, x`. Analysis has shown that no contracts were affected by the date of publishing this advisory. **Recommendations** For versions prior to 1.5.3, upgrade to version 1.5.3 or later and redeploy all contracts to resolve the issue. As a temporary workaround, consider disabling optimizations in the compiler until a patch is available. However, it is noted that there are no known workarounds for this vulnerability, making an upgrade to a fixed version the only resolution.

**Name of the Vulnerable Software and Affected Versions** ZKsync Era versions prior to 1.5.0 **Description** ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. The issue arises from possible invalid stack access due to the addresses used to access the stack not properly being converted to cells. **Recommendations** For versions prior to 1.5.0, update to version 1.5.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ZKsync Era versions prior to 1.3.10 **Description** ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. A bug in the evaluation order of Yul function arguments is exposed by a specific pattern `f(a(),b()); check if a executed last()` in Yul. This issue has been fixed in version 1.3.10. **Recommendations** For versions prior to 1.3.10, update and redeploy affected contracts to resolve the issue. As a temporary workaround, consider avoiding the use of the specific pattern `f(a(),b()); check if a executed last()` in Yul until the update is applied.

**Name of the Vulnerable Software and Affected Versions** era-compiler-solidity versions prior to 1.4.1 **Description** The issue occurs during the `DAGCombine` phase while visiting the XOR operation, specifically when attempting to fold the expression `!(x cc y)` into `(x !cc y)`. This transformation should be skipped because the correct representation of the true value is 1, not -1. **Recommendations** For versions prior to 1.4.1, update to version 1.4.1 to resolve the issue.