Incorrect Oracle Call in verifyPeriodByBlockHash and verifyPeriodByStateRoot
Summary
The contract ScrvusdVerifierV2 inherits SCRVUSD_ORACLE from ScrvusdVerifierV1, which defines it as an IScrvusdOracle. However, ScrvusdVerifierV2 attempts to call the function update_profit_max_unlock_time, which is only present in IScrvusdOracleV2. If IScrvusdOracle does not include this function, the call will revert, breaking execution
Vulnerability Details
In verifyPeriodByBlockHash and verifyPeriodByStateRoot, the contract executes:
However, SCRVUSD_ORACLE is inherited from ScrvusdVerifierV1 and is defined as:
The base contract does not specify that
SCRVUSD_ORACLEimplementsIScrvusdOracleV2, meaning if the deployed oracle contract lacks the function, transactions will fail.This results in broken execution, preventing profit unlock time updates from functioning correctly.
Impact
If the incorrect interface is used, execution will fail whenever update_profit_max_unlock_time is called, preventing updates to critical financial parameters. This could lead to profit unlocking functionality being completely non-operational.
Tools Used
Manual code review
Static analysis of contract inheritance and function calls
Recommendations
Ensure that
SCRVUSD_ORACLEis explicitly declared as implementingIScrvusdOracleV2inScrvusdVerifierV2.Use interface typecasting cautiously to prevent calls to undefined functions.
Validate that the deployed oracle contract implements
update_profit_max_unlock_timebefore executing transactions.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.