Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

protocol is incompatible with ZetaChain V2, V1 is being deprecated #4

Open
hats-bug-reporter bot opened this issue Sep 2, 2024 · 1 comment
Open

protocol is incompatible with ZetaChain V2, V1 is being deprecated #4

hats-bug-reporter bot opened this issue Sep 2, 2024 · 1 comment
Labels
Invalid - Lead auditor

Comments

@hats-bug-reporter
Copy link

Github username: --
Twitter username: --
Submission hash (on-chain): 0xd8d390af931b95da7ddb3bd7203ce81556edca8d82ee8ce8feaea45bc359fd4d
Severity: medium

Description:
Description
The protocol wants to work with the ZetaChain project by creating a staked ZETA token, but since ZetaChain is releasing V2, V1 will be deprecated from what we understand - https://discord.com/channels/858516330432299008/1078765093413736630/1278621840016936961

They use the old ZetaConnector logic with zetaSend here:

function deposit(uint256 amount, address receiver) public override nonReentrant {
    require(amount > 0, "ZeroDeposit");
    uint256 mintAmount = previewDeposit(amount);
    require(mintAmount > 0, "ZeroMintAmount");
    baseToken.safeTransferFrom(address(msg.sender), address(this), amount);
    IZetaInterfaces.SendInput memory sendInput = IZetaInterfaces.SendInput({
        destinationChainId: 7000,
        destinationAddress: abi.encodePacked(destination),
        destinationGasLimit: 5000000,
        message: abi.encodePacked(""),
        zetaValueAndGas: amount,
        zetaParams: abi.encodePacked("")
    });
    connector.send(sendInput);
    stakingToken.mint(receiver, mintAmount);
    emit Deposit(address(msg.sender), receiver, amount);
}

But ZetaChain v2 will not have this feature and will use Gateway for all its interactions - https://github.com/zeta-chain/protocol-contracts/blob/main/v2/contracts/evm/GatewayEVM.sol#L236

So this token will become unusable as v1 connectors won't work when v2 is launched.

Attack Scenario
Describe how the vulnerability can be exploited.

Recommended Mitigation

Modify the stZETAMInterERC20 logic to work with ZetaChain v2 contracts.
@hats-bug-reporter hats-bug-reporter bot added the bug Something isn't working label Sep 2, 2024
@0xRizwan
Copy link

0xRizwan commented Sep 2, 2024

stZETAMInterERC20.sol is out of scope.

@0xRizwan 0xRizwan added Invalid - Lead auditor and removed bug Something isn't working labels Sep 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Invalid - Lead auditor
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@0xRizwan