Merge branch 'master' into stackaccount1-master

Author: keriat

README.md

@@ -85,3 +85,30 @@ Configuration in `cspell.json`:
 ]
 }
 ```
+
+---
+
+# zkSync Ecosystem
+
+- [**Start building with zkSync v2 🚀**](https://portal.zksync.io)
+- [Integration Docs](https://zksync.io/dev)
+- [Available API & protocols](https://zksync.io/api/)
+- [zkWallet](https://wallet.zksync.io/)
+- [zkMint](https://mint.zksync.dev/)
+- [Alternative Withdrawal](https://withdraw.zksync.io/)
+- [zkScan](https://zkscan.io/)
+- [’out-of-gas’ issue solver ](https://withdraw.zksync.io/)
+
+---
+
+- [Matter Labs: creators of the zkSync](https://matter-labs.io)
+- [zkSync Homepage](https://zksync.io)
+
+---
+> BTW, we're hiring: [See open positions](https://matter-labs.io/#jobs)
+
+## License
+
+zkWallet is distributed under the terms of both the MIT license, and the Apache License (v.2.0).
+
+See [LICENSE-APACHE](LICENSE-APACHE), [LICENSE-MIT](LICENSE-MIT) for details.

dist.zip

@@ -279,7 +279,7 @@ export = defineConfig(_ctx => {
     },
     extraWatchFiles: ['.vuepress/config/**'],
     head: [
-      ['script', { src: '/hack.js', defer: true }, ''],
+      ['script', { src: '/hack.js', defer: "defer" }, ''],
       ['link', { rel: 'icon', type: 'image/x-icon', href: '/favicon.ico' }],
       ['link', { rel: 'apple-touch-icon', sizes: '57x57', type: 'image/x-icon', href: '/apple-icon-57x57.png' }],
       ['link', { rel: 'apple-touch-icon', sizes: '60x60', type: 'image/x-icon', href: '/apple-icon-60x60.png' }],

docs/.vuepress/config.ts

@@ -1,22 +1,52 @@
-window.onload = () => {
-  // Script #1: Processing scroll-to-hash
-  window.onhashchange = (hashEvent) => {
-    if (hashEvent.oldURL !== hashEvent.newURL && hashEvent.isTrusted && window.location.hash) {
-      hashEvent.stopPropagation();
-      const element = document.getElementById(window.location.hash.slice(1));
+let lastHash = "";
+
+function locationHashChanged (event) {
+  try {
+    if (!event || !event.isTrusted) {
+      return;
+    }
+    const currentLocation = (event.path && event.path.length > 0 && event.path[0] && event.path[0].location) ? event.path[0].location : window.location;
+    if (currentLocation && currentLocation.hash !== "" && currentLocation.hash !== lastHash) {
+      const element = document.querySelector(currentLocation.hash);
       if (element) {
-        element.scrollIntoView({ behavior: "scrollBehavior" in document.documentElement.style ? "smooth" : undefined, block: "end", inline: "nearest" });
+        if (event.hasOwnProperty('stopPropagation')) {
+          event.stopPropagation();
+        }
+        if (element.hasOwnProperty('scrollIntoViewIfNeeded')) {
+          element.scrollIntoViewIfNeeded(true);
+        } else {
+          element.scrollIntoView({ behavior: 'smooth', block: 'start', inline: 'start' });
+        }
+        return false;
       }
-      return false;
+      lastHash = currentLocation.hash;
     }
-  };
+  } catch (err) {
+    console.debug(err);
+  }
+}
+
+window.addEventListener('loadeddata', (event) => {
+  locationHashChanged(event);
+});
+
+document.addEventListener('readystatechange', (event) => {
+  locationHashChanged(event);
+});
+
+// Script #1: Processing scroll-to-hash
+window.addEventListener('hashchange', (event) => {
+  locationHashChanged(event);
+});
 
-  // Script #2: Changing logo & home-link behaviour
-  const singleElement = document.querySelector("a.home-link");
-  const newHost = "https://zksync.io";
+// Script #2: Changing logo & home-link behaviour
+window.addEventListener('DOMContentLoaded', (event) => {
+  locationHashChanged(event);
+  const singleElement = document.querySelector('a.home-link');
+  const newHost = 'https://zksync.io';
 
   if (singleElement) {
-    singleElement.setAttribute("href", newHost);
-    singleElement.setAttribute("target", "_blank");
+    singleElement.setAttribute('href', newHost);
+    singleElement.setAttribute('target', '_blank');
   }
-};
+});

docs/.vuepress/public/ABDK_ZkSync_V8.pdf

@@ -2,13 +2,56 @@
 
 [[toc]]
 
-## ImmuneFi
+## Scope
 
-We have a bug bounty program at ImmuneFi that is focused on our smart contracts, ZK-SNARK circuits, web and app. Before submitting a bug, please read the [platform rules](https://immunefi.com/rules/) and description of the [bounty program](https://immunefi.com/bounty/zksync/).
+Issues that can lead to substantial loss of money, critical bugs like a broken live-ness condition, blocking upgrade system, irreversible loss of
+funds, or enforced exodus mode.
+
+## Assumptions
+
+In order to be eligible for the bug bounty, a bug should adhere to the security assumptions of zkSync. You can read more
+about them [here](https://github.com/matter-labs/zksync/blob/master/docs/protocol.md#assumptions).
+
+## Disclosure Policy
+
+Let us know as soon as possible upon discovery of a potential security issue.
+
+Provide us a reasonable amount of time to resolve the issue **before any disclosure** **to the public or a third
+party.**
+
+### The wrong way to disclose
+
+The following actions will make you ineligible for the bug bounty program:
+
+- Filing a public issue about the vulnerability
+- Testing the vulnerability on mainnet or testnet
+
+### The right way to disclose
+
+Please email us at [security@zksync.io](mailto:security@zksync.io). We appreciate detailed information about confirming
+or fixing the vulnerability. If possible, please use the PGP key below to encrypt the message.
+
+## Exclusions
+
+- Already known vulnerabilities.
+- Vulnerabilities in code not leading to funds lost or frozen.
+- Vulnerabilities not related to smart contracts or cryptography used by the protocol.
+
+## Eligibility
+
+- You must be the first reporter of the vulnerability
+- You must be able to verify a signature from the same address
+- Provide enough information about the vulnerability
+
+## Bounty Payout
+
+![bounty-table.png](/bounty-table.png)
+
+For severe cases involving a total loss of funds, we will pay a bounty of $500,000.
 
 ## Contact
 
-If for some reason you can't use **ImmuneFi**, then submit your requests here: [security@zksync.io](mailto:security@zksync.io).
+Please submit all your requests here: [security@zksync.io](mailto:security@zksync.io).
 
 ### PGP Key
 

docs/.vuepress/public/hack.js

@@ -4,24 +4,31 @@ sidebar: false
 
 # zkSync Security Audits
 
+## 03.29.2022
+
+By: [ABDK Consulting](https://www.abdk.consulting/). Release Tag:
+[Contracts-8](https://github.com/matter-labs/zksync/releases/tag/contracts-8)
+
+- [Report v1](/ABDK_ZkSync_V8.pdf)
+
 ## 06.29.2021
 
 By: [ABDK Consulting](https://www.abdk.consulting/). Release Tag:
 [Contracts-5.1](https://github.com/matter-labs/zksync/releases/tag/contracts-5.1)
 
-- [Report v1](https://docs.zksync.io/ABDK-ZkSync-Audit-v5.pdf)
+- [Report v1](/ABDK-ZkSync-Audit-v5.pdf)
 
 ## 03.02.2021
 
 By: [ABDK Consulting](https://www.abdk.consulting/). Release Tag:
 [Contracts-4.3](https://github.com/matter-labs/zksync/releases/tag/contracts-4.3)
 
 - [Report v2, Part 1](/ABDK-ZKSync-Audit-v2-part1.pdf).
-- [Report v2, Part 2](https://docs.zksync.io/ABDK-ZKSync-Audit-v2-part2.pdf).
+- [Report v2, Part 2](/ABDK-ZKSync-Audit-v2-part2.pdf).
 
 ## 16.06.2020
 
 By: [ABDK Consulting](https://www.abdk.consulting/). Release Tag:
 [Contracts-1](https://github.com/matter-labs/zksync/releases/tag/contracts-1)
 
-- [Report v1](https://docs.zksync.io/zksync-1.0-audit.pdf).
+- [Report v1](/zksync-1.0-audit.pdf).

docs/dev/security/bug-bounty.md

@@ -11,12 +11,7 @@
           "destination": "/index.html"
         }
       ],
-      "ignore": [
-        "firebase.json",
-        "**/.*",
-        "drafts",
-        "**/node_modules/**"
-      ],
+      "ignore": ["firebase.json", "**/.*", "drafts", "**/node_modules/**"],
       "redirects": [
         {
           "source": "/dev/bug-bounty.html",
@@ -83,19 +78,41 @@
           "destination": "/api/sdk/:path*",
           "type": 301
         }
+      ],
+      "headers": [
+        {
+          "source": "**",
+          "headers": [
+            {
+              "key": "Cache-Control",
+              "value": "no-cache, no-store, must-revalidate"
+            },
+            {
+              "key": "Referrer-Policy",
+              "value": "no-referrer, strict-origin-when-cross-origin"
+            },
+            {
+              "key": "X-Content-Type-Options",
+              "value": "nosniff"
+            },
+            {
+              "key": "X-Frame-Options",
+              "value": "DENY"
+            },
+            {
+              "key": "X-XSS-Protection",
+              "value": "1; mode=block"
+            }
+          ]
+        }
       ]
     },
     {
       "target": "staging",
       "cleanUrls": true,
       "trailingSlash": true,
       "public": "dist",
-      "ignore": [
-        "firebase.json",
-        "**/.*",
-        "drafts",
-        "**/node_modules/**"
-      ],
+      "ignore": ["firebase.json", "**/.*", "drafts", "**/node_modules/**"],
       "rewrites": [
         {
           "source": "**",
@@ -168,6 +185,33 @@
           "destination": "/api/sdk/:path*",
           "type": 301
         }
+      ],
+      "headers": [
+        {
+          "source": "**",
+          "headers": [
+            {
+              "key": "Cache-Control",
+              "value": "no-cache, no-store, must-revalidate"
+            },
+            {
+              "key": "Referrer-Policy",
+              "value": "no-referrer, strict-origin-when-cross-origin"
+            },
+            {
+              "key": "X-Content-Type-Options",
+              "value": "nosniff"
+            },
+            {
+              "key": "X-Frame-Options",
+              "value": "DENY"
+            },
+            {
+              "key": "X-XSS-Protection",
+              "value": "1; mode=block"
+            }
+          ]
+        }
       ]
     }
   ]