Browse all 6 CVE security advisories affecting matter-labs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Matter-labs develops zkSync, a Layer 2 scaling solution for Ethereum using zero-knowledge rollups. Historically, their systems have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, as evidenced by their six recorded CVEs. The platform's security architecture relies on complex cryptographic proofs and smart contracts, introducing unique attack surfaces. While no major public security incidents have been documented, the presence of multiple high-severity CVEs suggests ongoing challenges in securing their zkEVM implementation and associated infrastructure.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-45056 | `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc — era-compiler-solidityCWE-682 | 5.9 | Medium | 2024-08-29 |
| CVE-2024-43366 | zkvyper ignored loop range bounds — era-compiler-vyperCWE-835 | 7.5 | High | 2024-08-15 |
| CVE-2024-38533 | ZKsync Era invalid stack addressing conversion — era-compiler-vyperCWE-787 | 6.5 | Medium | 2024-06-28 |
| CVE-2024-35229 | ZKsync Era evaluation order of Yul function arguments — era-compiler-solidityCWE-696 | 5.3 | Medium | 2024-05-27 |
| CVE-2024-34704 | era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization — era-compiler-solidityCWE-682 | 5.9 | Medium | 2024-05-13 |
| CVE-2023-46232 | era-compiler-vyper First Immutable Variable Initialization vulnerability — era-compiler-vyperCWE-471 | 5.3 | Medium | 2023-10-25 |
This page lists every published CVE security advisory associated with matter-labs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.