A timing discrepancy vulnerability has been identified in the ScrvusdOracleV2 implementation across different L2 chains. This vulnerability stems from the inherent characteristics of Merkle Patricia Tries (MPT) and how they affect response times for accessing state data at different address depths. An attacker could exploit these timing differences to perform arbitrage between chains when the scrvUSD price updates, creating MEV (Maximal Extractable Value) opportunities without actually compromising the oracle's data integrity.
The vulnerability exists because the ScrvusdOracleV2 contract relies on block number verification that doesn't account for cross-chain timing differences:
The core issue originates from how different L2 chains process and update oracle data based on Ethereum mainnet blocks. According to research in "NURGLE: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation," the MPT structure causes varying access times depending on the position of an address in the trie.
Specifically:
The oracle updates approximately every 30 minutes with new mainnet block data
The time required to process these updates varies across L2 chains based on the MPT depth of the contract addresses
The contract's validation only ensures the block number is not outdated (assert self.last_block_number <= _block_number
)
There are no mechanisms to synchronize updates across different chains
Even though the contract implements price smoothing, this mechanism is designed to prevent price manipulation rather than address cross-chain timing differences:
This vulnerability enables a sophisticated form of cross-chain arbitrage:
An attacker can monitor price updates on Ethereum mainnet
By understanding the MPT depth of oracle contracts on different L2 chains, they can predict which chains will update first
They can then execute trades on the faster-updating chain first, followed by corresponding trades on slower-updating chains
This creates a risk-free profit opportunity during the timing window between updates
The financial impact depends on:
The magnitude of price changes in scrvUSD
The liquidity available across different chains
The update frequency (currently ~30 minutes)
The predictability of the timing differences
While this doesn't compromise the integrity of the price data itself, it creates an unfair advantage for technically sophisticated actors and potentially reduces profits for legitimate liquidity providers.
Manual code review and analysis based on academic research on MPT vulnerabilities, specifically the paper "NURGLE: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation."
To mitigate this vulnerability, I recommend implementing an address rotation strategy with the following components:
Periodic Address Rotation:
Regularly deploy new oracle contracts at different addresses
Transfer authority to these new contracts on a scheduled basis
This randomizes the MPT position, disrupting timing prediction
Enhanced Validation:
Cross-Chain Coordination:
Implement a coordination mechanism to ensure updates across different chains occur within a smaller time window
Consider using a commit-reveal scheme for updates to prevent front-running
Monitoring System:
Deploy monitoring tools to detect unusual patterns of cross-chain trading activity around update times
Implement circuit breakers if suspicious arbitrage patterns are detected
By implementing these recommendations, particularly the address rotation strategy, the predictability of timing differences can be significantly reduced, making this attack vector impractical to exploit.
- I believe all issues do not provide a sufficient proof that this latency lags can cause a dangerous arbitrage - Sponsor Comments - There is no issues with small lags if used in liquidity pools for example because of fees. Fees generate spread within which price can be lagged. - Looking at the price charts [here](https://coinmarketcap.com/currencies/savings-crvusd/), there is never a large spike in price (in absolute values), that can be exploited, combined with the fact that prices are smoothed and updates are not immediate - Not even the most trusted oracles e.g. chainlink/redstone can guarantee a one-to-one synchronized value, so in my eyes, the price smoothening protection is sufficient in protecting such issues
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.