TechFlow news: Blockchain security firm ChainLight announced that its researchers discovered a soundness vulnerability in the ZK-circuits of the zkSync Era mainnet on September 15 and immediately reported the issue to the relevant parties on the 19th.
The vulnerability allowed malicious provers to generate fake "proofs" for invalidly executed blocks, which could be accepted by the verifier smart contract on L1.
Matter Labs, the developer behind zkSync, has now deployed a fix and awarded ChainLight 50,000 USDC—the first bounty paid out by zkSync Era for a ZK-circuits vulnerability.




