An unchecked multiplication of profit_unlocking_rate
by the time delta can overflow the uint256 type and produce an incorrect computation of unlockedshares
. This incorrect computation biases the _total_supply
, which ultimately warps the price output in _raw_price
. While exploitation is contingent upon a compromised PRICE_PARAMETERS_VERIFIER
role to employ an excessively large profit_unlocking_rate
, the absence of input validation enhances the risk at the expense of the integrity of the oracle.
Here's the problematic snippet:
Link for this: https://github.com/CodeHawks-Contests/2025-03-curve/blob/main/contracts/scrvusd/oracles/ScrvusdOracleV2.vy#L190-L213
The critical line is the following:
unlocked_shares = profit_unlocking_rate * (ts - last_profit_update) // MAX_BPS_EXTENDED
The problem with it is that multiplication profit_unlocking_rate * (ts - last_profit_update)
uses uint256 variables. In Vyper 0.4.0, if the product exceeds 2**256 - 1 it wraps around because of the absence of overflow checks. This produces an incorrect unlocked_shares
value after division by MAX_BPS_EXTENDED
This overflow affects the total supply calculation in the _total_supply
function as shown here:
If the calculated unlocked_shares
is greater than p.total_supply
due to the overflow the subtraction will underflow and an artificially large total_supply
value will be achieved
This vulnerability has severe consequences as an underflow in _total_supply
results in division errors which disrupts oracle functionality. Furthermore a criminal with the PRICE_PARAMETERS_VERIFIER
role could intentionally set a very large profit_unlocking_rate
to cause the price oracle to report artificially low prices.
Manual review
Even though to exploit this vulnerability an attacker has to have privileged role I would fix this anyway as we have seen on real world scenarios where privileged role users exploited a vulnerability.
In order to fix this I would cap the profit_unlocking_rate
value, like so:
I would then add a safe multiplication logic to prevent overflow before division
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.