File: ScrvusdVerifierV1.sol
Line: 20
Code:
Description: The contract interacts with an external oracle contract without validating its authenticity. If the external contract is compromised or malicious, it could manipulate critical functions within ScrvusdVerifierV1, leading to potential loss of funds or incorrect oracle data.
Remediation: Implement strict access controls and validate the authenticity of external contracts before interaction. Consider using known, trusted addresses and incorporating mechanisms to update these addresses securely.
File: ScrvusdVerifierV1.sol
Line: 29
Code:
Description: The update_price function accepts parameters without validating their ranges or formats. Malicious or erroneous inputs could lead to incorrect price updates, affecting the stability and reliability of the system.
Remediation: Implement comprehensive input validation to ensure that all parameters meet expected ranges and formats before processing.
File: MarketMakingEngine.sol
Line: 158, 288
Code:
Description: The getAdjustedProfitForMarketId function applies the deleverage factor, but the value is then passed to withdrawUsdTokenFromMarket, where the deleverage factor is applied again. This results in fewer USD tokens being transferred than expected, leading to financial discrepancies.
Remediation: Ensure that the deleverage factor is only applied once. Modify withdrawUsdTokenFromMarket to accept the correct PNL value without reapplying the deleverage factor.