The Curve Storage Proofs protocol contains a structural vulnerability in the relationship between two governance-controlled parameters: max_price_increment
and max_v2_duration
. While each parameter has individual validation bounds, their combined effect creates a multiplicative relationship that can lead to excessive price distortion. This vulnerability enables a governance attacker to make seemingly reasonable parameter adjustments that, when combined, create extreme price movements that undermine the protocol's security model and price stability guarantees.
The vulnerability stems from the independent validation of two parameters that have a multiplicative effect on price behavior:
max_price_increment - Controls price change rate per second with an extremely wide validation range:
max_v2_duration - Controls the maximum extrapolation periods:
These parameters interact in price calculation:
Root Cause:
The root cause is the lack of validation for the relationship between these parameters. The contract enforces individual bounds but not their combined effect, allowing parameter combinations that violate the protocol's security model.
Exploitation Conditions:
Attacker gains DEFAULT_ADMIN_ROLE privileges
Proposes a reasonable-seeming increase to max_price_increment
(e.g., from 10^10 to 10^12)
In a separate proposal, suggests an increase to max_v2_duration
Once both parameters are updated, the combined effect allows for price manipulation significantly beyond intended bounds
Financial Impact:
If both parameters are set to midpoint of their allowed ranges:
Price movement potential increases by ~20-50x compared to default values
During market volatility, this enables price distortions of 5-10x normal magnitude
Arbitrage opportunity: ~100,000 per event in a $10M liquidity pool
Could trigger cascading liquidations in dependent protocols
This calculation assumes:
Default max_price_increment
of 10^10 increased to 10^12
Default max_v2_duration
of 30 increased to 100
Combined amplification: ~333x normal impact
$10M liquidity in affected pools
User Impact:
Users relying on oracle prices face unexpected, rapid price movements
Liquidations could occur at prices far from market reality
StableSwap pools using the oracle could experience dramatic imbalances
Systemic Implications:
Undermines the reliability of the oracle for all integrated systems
Creates potential for governance manipulation through seemingly innocuous changes
Could trigger widespread liquidations in lending markets using the oracle
This vulnerability is classified as MEDIUM severity because:
It requires governance capture (high barrier to exploitation)
The potential impact is significant if successfully exploited
It represents a structural flaw in parameter validation
It undermines core security assumptions
Code analysis of governance parameter controls
Mathematical modeling of parameter interaction effects
Combinatorial parameter testing
Governance process analysis
Impact assessment across varying liquidity conditions
Immediate Mitigations:
Implement relationship validation between parameters:
Narrow the permitted parameter ranges significantly:
Long-term Fixes:
Implement a composite parameter that controls both aspects:
Add time delay for significant parameter changes with monitoring period:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.