The ScrvusdVerifier contracts lack proper replay protection mechanisms, allowing potential attackers to resubmit previously used proofs to manipulate the oracle system, which could lead to price manipulation, denial of service, or other malicious outcomes.
The verification functions in ScrvusdVerifierV1 and ScrvusdVerifierV2 do not implement any mechanism to prevent replay attacks:
The contract forwards all verification requests to the Oracle contract without:
Tracking which proofs or block hashes have already been processed
Implementing nonce-based protection
Validating that newer information is being provided
Checking if the same proof has been submitted multiple times
The only protection potentially provided would be in the oracle implementation itself, but this is not guaranteed by the verifier contract.
Similarly, in ScrvusdVerifierV2:
There is no mechanism to prevent a previously used block header and proof from being resubmitted.
The lack of replay protection could allow attackers to:
Resubmit older, more favorable proofs to manipulate price data
Force the system to revert to previous states by replaying old but valid proofs
Create inconsistencies in oracle data by mixing current and past state information
Execute denial-of-service attacks by continuously submitting the same valid proofs
Potentially bypass time-sensitive restrictions by reusing proofs from specific time windows
The severity of this issue depends on how the Oracle contract handles updates, but it represents a fundamental security flaw in the verification process.
Implement Block Number Tracking:
Track Proof Hashes:
Store hashes of processed proofs to prevent reuse
Implement a time-based expiration for proof validity
Enforce Monotonically Increasing Block Numbers:
Maintain a lastProcessedBlockNumber state variable
Require new submissions to use higher block numbers
Nonce-Based Protection:
Implement a nonce system for proof submissions
Require each submission to use an incremented nonce
By implementing these recommendations, the contract would significantly reduce the risk of replay attacks and enhance the integrity of the oracle update process.
- All proof generated within `_proof_rlp` is generated via the off-chain prover, so there is no concrete proof that this proofs are non-unique. - All state roots and proofs must be verified by the OOS `StateProofVerifier` inherited as `Verifier`, so there is no proof that manipulating proofs can successfully pass a price update
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.