fAmulet: Finding Finalization Failure Bugs in Polygon zkRollup
Zihao Li, Xinghao Peng, Zheyuan He, Xiapu Luo, Ting Chen

TL;DR
This paper introduces fAmulet, a novel fuzzing-based tool for detecting finalization failure bugs in zero-knowledge layer 2 protocols like Polygon zkRollup, uncovering twelve new bugs and demonstrating its effectiveness and generality.
Contribution
It presents the first systematic study of finalization failure bugs and develops fAmulet, the first tool specifically designed to detect such bugs in zero-knowledge rollups.
Findings
Uncovered 12 zero-day bugs in Polygon zkRollup.
fAmulet covers 20.8% more branches than baseline methods.
Successfully identified a bug in Scroll zkRollup, demonstrating generality.
Abstract
Zero-knowledge layer 2 protocols emerge as a compelling approach to overcoming blockchain scalability issues by processing transactions through the transaction finalization process. During this process, transactions are efficiently processed off the main chain. Besides, both the transaction data and the zero-knowledge proofs of transaction executions are reserved on the main chain, ensuring the availability of transaction data as well as the correctness and verifiability of transaction executions. Hence, any bugs that cause the transaction finalization failure are crucial, as they impair the usability of these protocols and the scalability of blockchains. In this work, we conduct the first systematic study on finalization failure bugs in zero-knowledge layer 2 protocols, and define two kinds of such bugs. Besides, we design fAmulet, the first tool to detect finalization failure bugs…
