Certik recently conducted an audit on Merlin, a decentralized exchange using zkSync, but immediately after the audit, the exchange was hacked and lost over $1.82 million.
Certik is currently investigating the incident and initial findings suggest a potential issue with private key management, though it has not yet been confirmed that this was due to a code exploit.
eZKalibur, another zkSync decentralized exchange, has identified two lines of code in the initialize function of the contract that could have been responsible for the draining of funds.
Certik has tweeted that it highlighted the centralization risk in its audit of Merlin, though it is being questioned whether the risk of a rug pull should have been highlighted as well.
