Analyzing the Key Vulnerability in Polygon's zkEVM

Table of Contents

The blockchain and cryptocurrency ecosystem, ever-evolving and decentralized, has become a breeding ground for innovation, but it's also a playground for vulnerabilities. In this article, we explore a critical math-related bug that once plagued Polygon's zkEVM, and its far-reaching implications. We'll examine the vulnerability in detail, its root causes, and the real-world impact. Additionally, we'll delve into the fix implemented to secure the system, highlighting the importance of robust validation and safeguarding value transactions.

I. Overview of the Math-Related Critical Bug

A. Overview of the Vulnerability

Blockchain technology has the potential to revolutionize the way we conduct transactions, but it's not immune to software vulnerabilities. Within the intricate world of blockchain technology, the Polygon zkEVM protocol, designed to bring scalability and security, found itself susceptible to a critical vulnerability. This vulnerability, initially identified by Spearbit during a preliminary review, resided in the system's validation of division remainders.

B. Importance of Math-Related Bugs

Math-related bugs might not always be immediately apparent, but they are critical in blockchain protocols where mathematical operations are integral. Any discrepancy can lead to fraudulent activity and disrupt the trust within the system. This incident sheds light on the significance of ensuring the mathematical integrity of blockchain networks.

II. Understanding the Vulnerability

A. DivARITH Subroutine

1. What It Does

At the heart of the vulnerability lies the `divARITH` subroutine, nestled in the `zkevm-rom:utils.zkasm` section of the codebase. `divARITH` is a critical component that employs the arithmetic state machine to perform division operations. However, it did so without proper validation checks.

The `divARITH` subroutine serves as an essential part of the zkEVM protocol. It is responsible for executing division operations, a fundamental mathematical operation in the context of blockchain transactions. Divisions, whether simple or complex, are the building blocks of many smart contracts and value transactions, making their precise execution a paramount concern for blockchain security.

B. Division Operations

1. Dividend, Divisor, Quotient, and Remainder

Before delving into the vulnerability, it's essential to understand the basic components of a division operation: the dividend, divisor, quotient, and remainder. These components form the core of the division process, with each variable playing a specific role.

In a division operation, the "dividend" represents the number being divided (E in this context), the "divisor" is the number by which it's divided (A), the "quotient" is the result of the division (B), and the "remainder" is what's left over after the division (C). These variables, along with an auxiliary variable (D, set to 0), are integral to the correct calculation of divisions within the zkEVM.

2. The Role of A, B, C, D, and E

In the context of the `divARITH` subroutine, `A` represents the divisor, `B` the quotient, `C` the remainder, and `E` the dividend. The correct calculation of these variables is crucial to the overall integrity of the division operation.

III. The Critical Vulnerability

A. Location of the Vulnerability

The vulnerability was found in the `divARITH` subroutine, where a critical flaw jeopardized the security of the entire system. This subroutine is a fundamental part of the zkEVM protocol, making the vulnerability especially concerning.

Within the `divARITH` subroutine, the vulnerability stemmed from the absence of a crucial validation step. While the code was designed to ensure the correctness of the division operation, it fell short in verifying the integrity of the remainder variable (C) generated during the division.

B. Lack of Validation

At the crux of the problem was the absence of proper validation. The code failed to verify the integrity of the remainder (C) generated by the division operation. In a correct division operation, the remainder should always be less than the divisor (A). This validation step is pivotal to ensure that the division operation is legitimate and accurate.

However, in the flawed implementation, the code incorrectly checked if the remainder (C) was less than the dividend (E) rather than the divisor (A). This critical oversight allowed malicious users to exploit the system.

C. Consequences of the Flaw

The consequences of this vulnerability were profound. It allowed malicious users to manipulate the division and modulo operations in their favor, leading to incorrect results. This had far-reaching implications for value transactions and, potentially, the trust in the system.

IV. Exploiting the Vulnerability

A. Malicious User's Advantage

1. Manipulating B and C

The vulnerability allowed malicious users to manipulate `B` and `C`, the quotient and remainder, during division operations. This manipulation was exploited to create equations that satisfied the flawed validation check. By setting `B` to `(E / A - 1)` and `C` to `(E % A + A)`, attackers ensured that the flawed validation check was met. This deceptive maneuver allowed them to forge results in their favor.

2. Equations Satisfying the Flawed Check

Malicious actors could set `B` to `(E / A - 1)` and `C` to `(E % A + A)`, ensuring that the flawed validation check was met. This deceptive maneuver allowed them to forge results in their favor.

B. Real-World Examples

Real-world examples illustrated how attackers could capitalize on this vulnerability to potentially claim more rewards than they were due, posing significant risks to the integrity of the system. For instance, consider a staking scenario where rewards are calculated based on division operations. Malicious actors, by manipulating the division, could inflate their rewards, potentially leading to financial loss for honest participants and eroding trust in the system.

V. Impact and Potential Risks

A. Staking and Value Transactions

The vulnerability's impact extended to value transactions, such as staking, where incorrect results could lead to unfair rewards distribution and potential financial loss. Staking involves locking up tokens to participate in the network's consensus mechanism, and the rewards are often determined through mathematical calculations. A vulnerability in these calculations could disrupt the fair distribution of rewards.

B. Risk to Funds and Trust

This vulnerability not only posed a risk to funds but also undermined the trust and reliability of the zkEVM protocol, emphasizing the importance of secure validation in blockchain systems. Users rely on the accuracy and security of blockchain protocols to safeguard their assets and interests. Any breach of trust could have severe consequences.

C. Importance of Correct Quotients and Remainders

The correct calculation of quotients and remainders is a fundamental aspect of division operations in blockchain systems. Ensuring their accuracy is pivotal for maintaining the integrity of the network. As seen in this case, a small oversight in validating these values can lead to significant vulnerabilities.

VI. Fixing the Vulnerability

Proposed Solution

The fix for this critical vulnerability involved adjusting the code to correctly check if the remainder `C` was less than the divisor `A`, as opposed to the dividend `E`. This solution aimed to rectify the flawed validation process.

1. Adjusting the Code

The code was modified to perform the correct validation, ensuring that the remainder `

C` adhered to the mathematical rules, with a specific focus on the divisor `A`. This adjustment addressed the vulnerability at its core, fortifying the division operation against exploitation.

2. Implementation and Correction

The corrective measures were implemented swiftly and efficiently, reflecting the agility and cooperation of the blockchain community. The vulnerability was addressed in the latest version of the code, and measures were taken to ensure its security. This proactive approach safeguarded the system and its users, restoring confidence in the zkEVM protocol.

Conclusion

The vulnerability in Polygon's zkEVM serves as a stark reminder of the critical role mathematics plays in blockchain systems. Ensuring the accuracy and security of mathematical operations is paramount to the reliability and trustworthiness of decentralized networks. The quick identification and rectification of this vulnerability demonstrate the resilience of the blockchain community in maintaining the integrity of its systems. As the blockchain space continues to evolve, vigilance in identifying and addressing vulnerabilities will be essential to its long-term success. The incident highlights the importance of continuous monitoring and the commitment to security in the ever-expanding world of blockchain technology.

About Orochi Network

Orochi Network is a cutting-edge zkOS (An operating system based on zero-knowledge proof) designed to tackle the challenges of computation limitation, data correctness, and data availability in the Web3 industry. With the well-rounded solutions for Web3 Applications, Orochi Network omits the current performance-related barriers and makes ways for more comprehensive dApps hence, becoming the backbone of Web3's infrastructure landscape.