Storage Proofs

Curve

DeFiLayer 1Layer 2

14,723 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Timestamp Manipulation Risk

binaryreturns

Location: ScrvusdOracleV2.vy, in the _smoothed_price function and other timestamp-dependent calculations

Vulnerable Code:

@view

def _smoothed_price(last_price: uint256, raw_price: uint256) -> uint256:

# Ideally should be (max_price_increment / 10**18) ** (block.timestamp - self.last_update)

# Using linear approximation to simplify calculations

max_change: uint256 = (

self.max_price_increment * (block.timestamp - self.last_update) * last_price // 10**18

)

# -max_change <= (raw_price - last_price) <= max_change

if unsafe_sub(raw_price + max_change, last_price) > 2 * max_change:

return last_price + max_change if raw_price > last_price else last_price - max_change

return raw_price

Additional Timestamp-Dependent Functions:

@view

def _price_v1() -> uint256:

return self._smoothed_price(

self.last_prices[1], self._raw_price(block.timestamp, self.price_params_ts)

)

@view

def _price_v2() -> uint256:

return self._smoothed_price(

self.last_prices[2], self._raw_price(block.timestamp, block.timestamp)

)

Description:
The oracle heavily relies on block.timestamp for critical price calculations, particularly in the _smoothed_price function which implements the price smoothing mechanism. This function calculates the maximum allowed price change based on the time elapsed since the last update (block.timestamp - self.last_update).

Root Cause:
Block timestamps in Ethereum can be manipulated by miners within certain bounds (typically up to about 15 seconds into the future). While this is a known limitation of blockchain timestamps, it becomes a vulnerability when used in financial calculations without additional safeguards.

Impact:
A malicious miner could slightly manipulate the timestamp to increase the allowed price change (max_change), potentially allowing larger price movements than intended by the smoothing mechanism. In the context of a high-value DeFi system, even small manipulations could create profitable arbitrage opportunities.

For example, if the raw price has moved significantly, a miner could increase block.timestamp to maximize the allowed price change and then execute trades that profit from this larger-than-intended price movement. While the manipulation window is limited to seconds, in volatile markets with highly leveraged positions, even small timing and price advantages can be exploited for gain.

recommendation

Implement additional safeguards against timestamp manipulation.

Updates

Lead Judging Commences

0xnevi Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Lack of quality

Assigned finding tags:

[invalid] finding-timestamp-manipulation

Extremely theoretical finding. No proof that and economic analysis of if such a manipulation is profitable.

Prize pool breakdown

Total prize

14,723 OP

Eagles

1,472 OP

nSLOC

394

37 OP / LOC

High Medium

12,700

Low

551

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.