Storage Proofs

Curve

DeFiLayer 1Layer 2

14,723 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Unbounded Loop Gas Exhaustion Risk

binaryreturns

Description:

The _obtain_price_params function contains a loop that could consume excessive gas.

Root Cause:

The loop iterates number_of_periods times (bounded by MAX_V2_DURATION). If parameters_ts - params.last_profit_update is large (e.g., after extended inactivity), number_of_periods could be high enough to exceed gas limits.

Impact:

Transactions calling functions that use _obtain_price_params could fail due to excessive gas consumption, effectively DoSing the oracle during potentially critical market movements.

code

# From ScrvusdOracleV2.vy

@view

def _obtain_price_params(parameters_ts: uint256) -> PriceParams:

"""

@notice Obtain Price parameters true or assumed to be true at `parameters_ts`.

Assumes constant gain(in crvUSD rewards) through distribution periods.

@param parameters_ts Timestamp to obtain parameters for

@return Assumed `PriceParams`

"""

params: PriceParams = self.price_params

period: uint256 = self.profit_max_unlock_time

if params.last_profit_update + period >= parameters_ts:

return params

number_of_periods: uint256 = min(

(parameters_ts - params.last_profit_update) // period,

self.max_v2_duration,

)

# locked shares at moment params.last_profit_update

gain: uint256 = (

params.balance_of_self * (params.total_idle + params.total_debt) // params.total_supply

)

params.total_idle += gain * number_of_periods

# functions are reduced from `VaultV3._process_report()` given assumptions with constant gain

for _: uint256 in range(number_of_periods, bound=MAX_V2_DURATION):

new_balance_of_self: uint256 = (

params.balance_of_self

* (params.total_supply - params.balance_of_self) // params.total_supply

)

params.total_supply -= (

params.balance_of_self * params.balance_of_self // params.total_supply

)

params.balance_of_self = new_balance_of_self

# [rest of function omitted for brevity]

recommendation

Restructure the _obtain_price_params function to avoid loops or ensure the gas cost remains reasonable.

Updates

Lead Judging Commences

0xnevi Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

[invalid] finding-obtain-price-unbounded-loop

Invalid, In the verifier contracts, each price param count is restricted to 7 as per `PARAM_CNT`

Prize pool breakdown

Total prize

14,723 OP

Eagles

1,472 OP

nSLOC

394

37 OP / LOC

High Medium

12,700

Low

551

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.