ZKsync era-logo

ZKsync era

ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum without compromising on security or decentralization. Since it's EVM compatible (Solidity/Vyper), 99% of Ethereum projects can redeploy without refactoring or re-auditing a single line of code.

ETH
zkSync
Blockchain
L2
Solidity
Yul
Maximum Bounty
$1,100,000
Live Since
10 March 2023
Last Updated
14 November 2024
  • PoC required

  • KYC required

  • Smart Contracts - PoC, Smart Contract bug reports are to include a runnable Proof of Concept (PoC) in order to prove impact.

  • For more information on PoCs please visit: Proof of Concept (PoC) Guidelines and Rules.

  • Web/App - Bug reports are to include a runnable Proof of Concept (PoC) in order to prove impact. All web/app bug reports must come with a PoC with an end-effect impacting an asset-in-scope in order to be considered for a reward. All PoC content must adhere to the PoC guidelines and rules of Immunefi. In the event that a PoC requires an attack on a web/app asset provided, they must still adhere to the rules provided, otherwise eligibility for a reward may be revoked.

  • For more information on PoCs please visit: Proof of Concept (PoC) Guidelines and Rules

Whitehats we highly encourage you to review any potential subdomains and what specific port(s) are in scope. Even though the domain may be the same, different ports may point to different assets.

Dev Environment and Documentation:

ZKsync has included dev documentation and/or instructions to help in reviewing code and exploring for bugs:

Impacts to other assets:

Hackers are encouraged to submit issues outside of the outlined Impacts and Assets in Scope.

If whitehats can demonstrate a critical and high impact for an asset not in scope, ZKsync encourages you to submit your bug report using the “primacy of impact exception” asset.