Install: claude install-skill Olaradiallysymmetrical491/web3-bug-bounty-hunting-ai-skills
# LIVE HUNT: ZKsync Era (Immunefi) — COMPLETED, 0 FINDINGS
> **Outcome**: 0 submittable findings after 5+ sessions, 22+ agents, 25+ contracts, 25+ attack vectors
> **Lesson**: This file exists as a DEFENSE STUDY — what a hardened protocol looks like, and when to stop hunting.
---
## TARGET PROFILE
| Field | Value |
|-------|-------|
| Protocol | ZKsync Era (L2 rollup) |
| Platform | Immunefi |
| TVL | $322M (L2BEAT Total Value Secured) |
| Bounty | $100K minimum Critical, $1.1M max |
| Codebase | 750K LOC (Solidity + Rust + Yul) |
| Audits | OpenZeppelin V29 (June 2025), multiple prior audits |
| Version | Protocol V29.4 |
| Repo | `github.com/matter-labs/era-contracts` |
| Primacy | Primacy of Impact — even out-of-scope assets qualify |
| Prior payouts | $50K (ChainLight ZK circuit bug) |
### Pre-Dive Scorecard
| Check | Result | Score |
|-------|--------|-------|
| TVL > $500K | $322M | PASS |
| Max payout > $10K | $100K minimum | PASS |
| Simple protocol? | 750K LOC, L1↔L2 bridge + ZK + governance | PASS (complex) |
| < 500 lines? | 750K LOC | PASS |
| **Audit quality** | OpenZeppelin (top-tier) on ALL critical paths | **WARNING** |
> **REFINEMENT**: Pre-dive should weight audit quality MORE for large protocols.
> A protocol passing TVL/LOC/payout checks can still be unhuntable if OZ/ToB audited the exact code you'd hunt.
> Add "audit firm tier" as a SOFT kill signal for 500K+ LOC protocols.
---
## ARCHITECTURE (What Makes It Hardened)
### L1 Bridge Stack
```
Bri