Storage Proofs

Curve

DeFiLayer 1Layer 2

14,723 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Potential Integer underflows in _total_supply Calculation

asar

Summary

A potential integer underflow risk exists in the _total_supply function, where subtraction operations could lead to unintended large values if not handled correctly.

Vulnerability Details

The _total_supply function subtracts _unlocked_shares from total_supply. However, if unlocked_shares is greater than total_supply, this could result in an integer underflow (an underflow occurs, causing total_supply to wrap to an extremely large value).

Impact

An underflow could lead to highly inaccurate calculations, resulting in incorrect share pricing.
This could disrupt the oracle’s ability to function correctly, leading to erroneous price feeds.
Potentially, an attacker could exploit this flaw to manipulate asset valuation calculations.

Tools Used

manual review

Recommendations

add an assertion to ensure unlocked_shares <= total_supply.
Implement SafeMath-style arithmetic to prevent underflows and overflows.
Implement a check to ensure _unlocked_shares never exceeds total_supply before performing the subtraction.

Updates

Lead Judging Commences

0xnevi Lead Judge

6 months ago

0xnevi Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Assigned finding tags:

[invalid] finding-division-by-zero

Note that `total_supply` and `profit_unlocking_rate` is initially set to 1 and 0 respectively when the `ScrvusdOracleV2.vy` is deployed 1. `total_supply` and `profit_unlocking_rate` is part of the price param updates within `update_price`, which must have gone through verification via the OOS `StateProofVerifier` contract, so there is no evidence that a 0 supply is allowed either via a 0 supply update or an extremely high `profit_unlocking_rate`. 2. Since price is retrieved via values retrived from the V3Vault, if there is no supply, there is arguably no price to be posted. As such, reverting is arguably the correct choice since a 0 price value is not expected from scrvUSD, which is a stable coin.

Prize pool breakdown

Total prize

14,723 OP

Eagles

1,472 OP

nSLOC

394

37 OP / LOC

High Medium

12,700

Low

551

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.