Submission Details

Severity: high

Status: Invalid

Insufficient State Proof Verification in Verifier V1

Summary

The ScrvusdVerifierV1 contract uses RLP-encoded block headers and state proofs to extract vault parameters. However, its verification logic does not fully cross-check the extracted values against trusted sources such as the BlockHashOracle. This would allow forged state proofs to directly compromise the reported price, putting funds at risk.

Vulnerability Details

- The functions (e.g. verifyScrvusdByBlockHash and verifyScrvusdByStateRoot) parse block headers and state proofs but lack comprehensive integrity checks for the decoded parameters.

- Critical vault metrics (total supply, idle funds, etc.) are not validated against known on-chain data, leaving the system open to forged proofs.

Elaboration

The ScrvusdVerifierV1 contract's verifyScrvusdByBlockHash function verifies scrvUSD parameters using an RLP-encoded block header and a corresponding state proof. However, it does not thoroughly cross-check the extracted values against trusted sources such as the BlockHashOracle. This shortfall could allow forged state proofs to inject incorrect vault parameters.

Proof of Concept (PoC):

An attacker crafts a malicious state proof that falsely indicates an increase in the vault's total_debt.

```solidity
// Malicious RLP-encoded block header and state proof
// (placeholders: the submission does not show how they are crafted)
bytes memory fakeBlockHeaderRLP = /* crafted RLP-encoded block header */;
bytes memory fakeStateProofRLP = /* crafted RLP-encoded state proof */;
// Attacker calls verifyScrvusdByBlockHash with the forged inputs
scrvusdVerifierV1.verifyScrvusdByBlockHash(fakeBlockHeaderRLP, fakeStateProofRLP);
```

In this PoC, the attacker submits forged proofs that, due to insufficient verification, are accepted by the contract, leading to incorrect updates to the oracle's price data.

Impact

- An attacker could submit a crafted state proof with manipulated vault parameters that would be accepted by the verifier, resulting in an incorrect update to the scrvUSD price.

- Such an exploit could destabilize cross-chain pools by providing false data on the vault's financial state.

Tools Used

- Manual code review

- Solodit checklist review regarding state proof and input consistency

- ChatGPT o3-mini-high

Recommendations

- Enhance the RLP decoding and verification logic to include complete integrity checks on all critical parameters.

- Cross-check all decoded values against the BlockHashOracle's records or other trusted sources before updating the oracle.

- Consider adding a fallback or delay mechanism in cases where the extracted data appears anomalous.
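To make the recommended cross-check concrete, the following is an added example written for this page; it is not the ScrvusdVerifierV1 contract or any Curve code. It contrasts taking a state root straight from a caller-supplied RLP header (the pattern the report warns about) with first binding the header to the hash a trusted oracle holds for that block number, so that an attacker who re-encodes a real header with a different stateRoot is rejected. Everything here is an assumption for illustration: the oracle is a plain dict standing in for BlockHashOracle, the header is a constructed 15-field sample with unrealistic field widths, and hashlib's SHA3-256 stands in for Keccak-256 so the example runs offline. Verifying the Merkle-Patricia state proof against the trusted root is the next step and is not shown.

```python
import hashlib
from typing import Dict, List, Tuple, Union

RlpItem = Union[bytes, List["RlpItem"]]

# Field positions in an Ethereum block header: stateRoot is field 3, number is field 8.
STATE_ROOT_IDX = 3
NUMBER_IDX = 8


def keccak256(data: bytes) -> bytes:
    # Assumption/stand-in: NIST SHA3-256 replaces Ethereum's Keccak-256 (same sponge,
    # different padding) so this runs offline. The binding check below is unchanged.
    return hashlib.sha3_256(data).digest()


def _len_prefix(n: int, offset: int) -> bytes:
    if n < 56:
        return bytes([offset + n])
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([offset + 55 + len(lb)]) + lb


def rlp_encode(item: RlpItem) -> bytes:
    """Minimal RLP encoder for byte strings and nested lists."""
    if isinstance(item, bytes):
        if len(item) == 1 and item[0] < 0x80:
            return item
        return _len_prefix(len(item), 0x80) + item
    payload = b"".join(rlp_encode(i) for i in item)
    return _len_prefix(len(payload), 0xC0) + payload


def _decode_at(data: bytes, pos: int) -> Tuple[RlpItem, int]:
    """Decode one RLP item at pos; return (item, position after it)."""
    if pos >= len(data):
        raise ValueError("truncated RLP")
    b = data[pos]
    if b < 0x80:                                  # single byte encodes itself
        return bytes([b]), pos + 1
    if b < 0xB8 or 0xC0 <= b < 0xF8:              # short string / short list
        n, start = (b - 0x80 if b < 0xB8 else b - 0xC0), pos + 1
    else:                                         # long string / long list
        ln = b - (0xB7 if b < 0xC0 else 0xF7)
        len_bytes = data[pos + 1:pos + 1 + ln]
        if len(len_bytes) != ln:
            raise ValueError("truncated RLP length")
        n, start = int.from_bytes(len_bytes, "big"), pos + 1 + ln
    end = start + n
    if end > len(data):
        raise ValueError("RLP item runs past end of input")
    if b < 0xC0:
        return data[start:end], end
    items: List[RlpItem] = []
    while start < end:
        item, start = _decode_at(data, start)
        items.append(item)
    if start != end:
        raise ValueError("RLP list payload length mismatch")
    return items, end


def rlp_decode(data: bytes) -> RlpItem:
    item, end = _decode_at(data, 0)
    if end != len(data):
        raise ValueError("trailing bytes after RLP item")
    return item


def make_header(number: int, state_root: bytes) -> bytes:
    """Constructed sample header: 15 zero-filled fields plus the number and stateRoot."""
    fields: List[bytes] = [b"\x00" * 32] * 15
    fields[STATE_ROOT_IDX] = state_root
    fields[NUMBER_IDX] = number.to_bytes((number.bit_length() + 7) // 8, "big")  # number > 0
    return rlp_encode(fields)


def state_root_unchecked(header_rlp: bytes) -> bytes:
    """The pattern the report warns about: trust whatever stateRoot the caller's header carries."""
    return rlp_decode(header_rlp)[STATE_ROOT_IDX]


def state_root_checked(header_rlp: bytes, oracle: Dict[int, bytes]) -> bytes:
    """Bind the header to the oracle's trusted hash before trusting its stateRoot."""
    fields = rlp_decode(header_rlp)
    if not isinstance(fields, list) or len(fields) <= NUMBER_IDX \
            or not all(isinstance(f, bytes) for f in fields):
        raise ValueError("input is not a block header")
    number = int.from_bytes(fields[NUMBER_IDX], "big")
    trusted = oracle.get(number)          # stand-in for BlockHashOracle lookup by block number
    if trusted is None:
        raise ValueError(f"oracle has no trusted hash for block {number}")
    if keccak256(header_rlp) != trusted:  # hash of the caller's bytes must equal the trusted hash
        raise ValueError("header hash does not match the oracle's block hash")
    root = fields[STATE_ROOT_IDX]
    if len(root) != 32:
        raise ValueError("malformed stateRoot")
    return root                           # only now is it safe to verify a state proof against it


def demo() -> Dict[str, bool]:
    """Constructed scenario: the attacker re-encodes the real header with a different stateRoot."""
    honest_root, forged_root = b"\x11" * 32, b"\x22" * 32
    honest = make_header(100, honest_root)
    oracle = {100: keccak256(honest)}     # what a trusted oracle would hold for block 100
    forged = make_header(100, forged_root)
    out = {
        "unchecked_accepts_forged": state_root_unchecked(forged) == forged_root,
        "checked_accepts_honest": state_root_checked(honest, oracle) == honest_root,
    }
    try:
        state_root_checked(forged, oracle)
        out["checked_rejects_forged"] = False
    except ValueError:
        out["checked_rejects_forged"] = True
    return out
```

The point of the example is that the state root is never an independent input: it is only as trustworthy as the header it was decoded from, and the header is only trustworthy once its hash matches what the oracle recorded for that block number. Any later check of vault parameters (total supply, idle funds, total_debt) is a check of a Merkle-Patricia proof against that root, so the hash binding is the step that decides whether a forged proof can get in at all.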

Updates

Lead Judging Commences: 0xnevi (Lead Judge), 11 months ago

Submission Judgement Published: 0xnevi (Lead Judge), 10 months ago

Invalidated. Reason: Out of scope
