Medium severity5.9OSV Advisory· Published May 14, 2024· Updated Apr 15, 2026
CVE-2024-34704
CVE-2024-34704
Description
era-compiler-solidity is the ZKsync compiler for Solidity. The problem occurred during instruction selection in the DAGCombine phase while visiting the XOR operation. The issue arises when attempting to fold the expression !(x cc y) into (x !cc y). To perform this transformation, the second operand of XOR should be a constant representing the true value. However, it was incorrectly assumed that -1 represents the true value, when in fact, 1 is the correct representation, so this transformation for this case should be skipped. This vulnerability is fixed in 1.4.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.3.23, 1.4.0+ 1 more
- (no CPE)range: 1.3.23, 1.4.0
- (no CPE)range: < 1.4.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.