According to Foresight News, security company ChainLight reported a bug in the zkSync Era mainnet's ZK circuit on September 15th. The bug, which was reported on the 19th, could potentially drain all tokens passing through cross-chain bridges and allow malicious provers to generate proofs for invalid executions. Validators' smart contracts on L1 would accept these proofs.
Matter Labs has deployed a fix for the issue and awarded ChainLight 50,000 USDC as a reward. The discovery of the bug highlights the importance of ongoing security measures and vigilance in the world of blockchain technology.
