BLOCK_PERIOD
is incorrect
#259
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
M-02
selected for report
This submission will be included/highlighted in the audit report
sponsor confirmed
Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
Lines of code
https://github.com/code-423n4/2022-10-zksync/blob/456078b53a6d09636b84522ac8f3e8049e4e3af5/ethereum/contracts/zksync/Config.sol#L47
Vulnerability details
The
BLOCK_PERIOD
is set to 13 seconds inConfig.sol
.Since moving to Proof-of-Stake (PoS) after the Merge, block times on ethereum are fixed at 12 seconds per block (slots).
https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/#:~:text=Whereas%20under%20proof%2Dof%2Dwork,block%20proposer%20in%20every%20slot.
Impact
This results in incorrect calculation of
PRIORITY_EXPIRATION
which is used to determine when a transaction in the Priority Queue should be considered expired.The time difference can be calulated
By using block time of 13 seconds, a transaction in the Priority Queue incorrectly expires 5.5 hours earlier than is expected.
5.5 hours is a significant amount of time difference so I believe this issue to be Medium severity.
Recommendations
Change the block period to be 12 seconds
The text was updated successfully, but these errors were encountered: