Storage Proofs

Curve

DeFiLayer 1Layer 2

14,723 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Insecure Timestamp Handling via On-Chain Parameter Leading to Price Oracle Manipulation

francohacker

Summary

This vulnerability arises from using the last_profit_update value as a surrogate for the actual block timestamp. If this value is manipulated or set incorrectly, it can lead to inaccurate time calculations in the price smoothing algorithm, potentially resulting in erroneous price updates. Although access control measures reduce the likelihood of external exploitation, the reliance on a manipulable on-chain timestamp still poses a risk to price stability, making this vulnerability medium severity.

Vulnerability Details

The vulnerability stems from using the last_profit_update field from the PriceParams structure as a surrogate for the actual block timestamp during price calculations. This field, which is derived from on-chain parameters (specifically, _parameters[5] in update_price), may not accurately reflect the real time at which the data is valid.

Mechanism:
In functions such as _obtain_price_params, the code uses last_profit_update to compute the number of periods that have elapsed, influencing the calculation of unlocked shares and subsequently the price. If last_profit_update is incorrect—whether due to misconfiguration, data corruption, or intentional manipulation—the calculated time interval will be wrong. This can lead to improper smoothing of the price, resulting in either excessive or insufficient adjustments.

Impact

Inaccurate Price Updates: The price smoothing algorithm relies on a correct time interval. An incorrect timestamp leads to erroneous calculations, potentially causing the oracle to update the price based on an inaccurate time period.

Stability Risks: Since price feeds are critical for integrations such as StableSwap pools, using an inaccurate timestamp can destabilize the pricing mechanism, affecting the reliability of financial operations dependent on scrvUSD.
Limited Exploitability: While access control restricts who can update this value, any misconfiguration or compromised role with permission could deliberately set an inaccurate last_profit_update, thereby affecting the system.

Tools Used

manual review

Recommendations

Instead of relying on the last_profit_update value for time-based calculations, it is recommended to use the actual block timestamp (similar to the approach in verifyScrvusdByBlockHash). This change would ensure that the timing used in the price smoothing algorithm reflects real-time data, thereby improving the reliability and stability of the price feed.

Updates

Lead Judging Commences

0xnevi Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Lack of quality

Assigned finding tags:

[invalid] finding-timestamp-manipulation

Extremely theoretical finding. No proof that and economic analysis of if such a manipulation is profitable.

Prize pool breakdown

Total prize

14,723 OP

Eagles

1,472 OP

nSLOC

394

37 OP / LOC

High Medium

12,700

Low

551

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.