DeFiLayer 1Layer 2
14,723 OP
View results
Submission Details
Severity: medium
Invalid

Incorrect Storage Slot Calculation for `balanceOf(self)` in `ScrvusdVerifierV1.sol`

Summary

The ScrvusdVerifierV1 contract incorrectly calculates the storage slot for balanceOf(self) in the PARAM_SLOTS array. The slot is defined as keccak256(abi.encode(18, SCRVUSD)), which reverses the standard Solidity mapping slot calculation order (should be keccak256(abi.encode(SCRVUSD, 18))).

This results in an incorrect value being extracted for params[6], which is passed to the SCRVUSD_ORACLE for price updates, potentially incorrect calculations.

Vulnerability Details

In the PARAM_SLOTS array:

uint256[PARAM_CNT] internal PARAM_SLOTS = [
uint256(0), // filler for account proof
uint256(21), // total_debt
uint256(22), // total_idle
uint256(20), // totalSupply
uint256(38), // full_profit_unlock_date
uint256(39), // profit_unlocking_rate
uint256(40), // last_profit_update
uint256(keccak256(abi.encode(18, SCRVUSD))) // balanceOf(self)
];
  • The entry keccak256(abi.encode(18, SCRVUSD)) is intended to represent the storage slot for balanceOf(self).

  • For a standard Solidity mapping mapping(address => uint256) balanceOf at slot 18, the correct slot calculation is keccak256(abi.encode(SCRVUSD, 18)), with the key (SCRVUSD) preceding the base slot (18).

  • The reversed order (18, SCRVUSD) produces an incorrect hash, meaning the extracted params[6] does not correspond to balanceOf(SCRVUSD).

Impact

  1. Incorrect Oracle Data: The SCRVUSD_ORACLE receives an incorrect params[6], which could skew price calculations or validation logic if balanceOf(self) is used.

  2. Financial Risk: If the oracle’s output affects pricing, liquidity, or reserves in downstream contracts, this could lead to indirect financial losses or exploitable discrepancies.

Tools Used

  • Manual code review.

Recommendations

Correct the Slot Calculation: Update PARAM_SLOTS[7] to use the proper order

uint256[PARAM_CNT] internal PARAM_SLOTS = [
0, // filler for account proof
21, // total_debt
22, // total_idle
20, // totalSupply
38, // full_profit_unlock_date
39, // profit_unlocking_rate
40, // last_profit_update
(-) keccak256(abi.encode(18,SCRVUSD)) // balanceOf(self)
(+) keccak256(abi.encode(SCRVUSD, 18)) // balanceOf(self)
];
Updates

Lead Judging Commences

0xnevi Lead Judge
3 months ago
0xnevi Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

[invalid] finding-ScrvusdVerifierV1-incorrect-storage-slot-balanceOf-compute

- Per sponsor comments, verified slot is vyper, solidity contract only verifies it. - Vyper computes storage slots different from solidity as seen [here](https://ethereum.stackexchange.com/questions/149311/storage-collision-in-vyper-hashmap)

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.