DeFiLayer 1Layer 2
14,723 OP
View results
Submission Details
Severity: high
Invalid

MPT-Based Attack Vector on Cross-Chain Oracle Systems

Summary

A timing discrepancy vulnerability has been identified in the ScrvusdOracleV2 implementation across different L2 chains. This vulnerability stems from the inherent characteristics of Merkle Patricia Tries (MPT) and how they affect response times for accessing state data at different address depths. An attacker could exploit these timing differences to perform arbitrage between chains when the scrvUSD price updates, creating MEV (Maximal Extractable Value) opportunities without actually compromising the oracle's data integrity.

Vulnerability Details

The vulnerability exists because the ScrvusdOracleV2 contract relies on block number verification that doesn't account for cross-chain timing differences:

@external
def update_price(
_parameters: uint256[ALL_PARAM_CNT], _ts: uint256, _block_number: uint256
) -> uint256:
access_control._check_role(PRICE_PARAMETERS_VERIFIER, msg.sender)
# Allowing same block updates for fixing bad blockhash provided (if possible)
assert self.last_block_number <= _block_number, "Outdated"
self.last_block_number = _block_number

The core issue originates from how different L2 chains process and update oracle data based on Ethereum mainnet blocks. According to research in "NURGLE: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation," the MPT structure causes varying access times depending on the position of an address in the trie.

Specifically:

  1. The oracle updates approximately every 30 minutes with new mainnet block data

  2. The time required to process these updates varies across L2 chains based on the MPT depth of the contract addresses

  3. The contract's validation only ensures the block number is not outdated (assert self.last_block_number <= _block_number)

  4. There are no mechanisms to synchronize updates across different chains

Even though the contract implements price smoothing, this mechanism is designed to prevent price manipulation rather than address cross-chain timing differences:

@view
def _smoothed_price(last_price: uint256, raw_price: uint256) -> uint256:
max_change: uint256 = (
self.max_price_increment * (block.timestamp - self.last_update) * last_price // 10**18
)
if unsafe_sub(raw_price + max_change, last_price) > 2 * max_change:
return last_price + max_change if raw_price > last_price else last_price - max_change
return raw_price

Impact

This vulnerability enables a sophisticated form of cross-chain arbitrage:

  1. An attacker can monitor price updates on Ethereum mainnet

  2. By understanding the MPT depth of oracle contracts on different L2 chains, they can predict which chains will update first

  3. They can then execute trades on the faster-updating chain first, followed by corresponding trades on slower-updating chains

  4. This creates a risk-free profit opportunity during the timing window between updates

The financial impact depends on:

  • The magnitude of price changes in scrvUSD

  • The liquidity available across different chains

  • The update frequency (currently ~30 minutes)

  • The predictability of the timing differences

While this doesn't compromise the integrity of the price data itself, it creates an unfair advantage for technically sophisticated actors and potentially reduces profits for legitimate liquidity providers.

Tools Used

Manual code review and analysis based on academic research on MPT vulnerabilities, specifically the paper "NURGLE: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation."

Recommendations

To mitigate this vulnerability, I recommend implementing an address rotation strategy with the following components:

  1. Periodic Address Rotation:

    • Regularly deploy new oracle contracts at different addresses

    • Transfer authority to these new contracts on a scheduled basis

    • This randomizes the MPT position, disrupting timing prediction

  2. Enhanced Validation:

# Add these parameters to the contract
min_update_interval: public(uint256)
max_timestamp_deviation: public(uint256)
max_block_number_deviation: public(uint256)
# Modify the update_price function to include
assert block.timestamp - self.last_update >= min_update_interval, "Too frequent updates"
assert abs(block.timestamp - _ts) <= max_timestamp_deviation, "Timestamp deviation too large"
assert _block_number >= self.last_block_number, "Outdated block number"
assert _block_number <= self.last_block_number + max_block_number_deviation, "Block number too far ahead"
  1. Cross-Chain Coordination:

    • Implement a coordination mechanism to ensure updates across different chains occur within a smaller time window

    • Consider using a commit-reveal scheme for updates to prevent front-running

  2. Monitoring System:

    • Deploy monitoring tools to detect unusual patterns of cross-chain trading activity around update times

    • Implement circuit breakers if suspicious arbitrage patterns are detected

By implementing these recommendations, particularly the address rotation strategy, the predictability of timing differences can be significantly reduced, making this attack vector impractical to exploit.

Updates

Lead Judging Commences

0xnevi Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[invalid] finding-cross-chain-price-latency-update-time-inconsistency

- I believe all issues do not provide a sufficient proof that this latency lags can cause a dangerous arbitrage - Sponsor Comments - There is no issues with small lags if used in liquidity pools for example because of fees. Fees generate spread within which price can be lagged. - Looking at the price charts [here](https://coinmarketcap.com/currencies/savings-crvusd/), there is never a large spike in price (in absolute values), that can be exploited, combined with the fact that prices are smoothed and updates are not immediate - Not even the most trusted oracles e.g. chainlink/redstone can guarantee a one-to-one synchronized value, so in my eyes, the price smoothening protection is sufficient in protecting such issues

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.