Our analysis of the Curve Storage Proofs protocol implementation has identified a potential Time-of-Check Time-of-Use (TOCTOU) vulnerability in the Merkle proof verification mechanism. If left unaddressed prior to deployment, this issue could potentially allow manipulation of price parameters through the blockhash oracle verification mechanism. This finding stems from the separation between retrieving state roots and verifying proofs, combined with reliance on a single oracle source and absence of recency validation.
The potential vulnerability exists in the Merkle proof validation mechanism implemented in ScrvusdVerifierV1.sol
and ScrvusdVerifierV2.sol
. These contracts verify cross-chain state proofs from Ethereum by:
Requesting a state root from a blockhash oracle
Using that state root to verify a Merkle proof
Accepting parameter updates based on that verification
Our analysis identified three aspects that contribute to this finding:
The verification appears to be split across multiple function calls, creating a time gap between checking and using the proof data:
This separation could potentially create a situation where the system's state might change between retrieval and usage of the state root.
The implementation appears to rely on a single blockhash oracle without cross-validation:
We couldn't identify additional validation to ensure the state root provided by the oracle is correct, which may create a potential single point of failure.
We observed that both implementations do not appear to check whether provided block numbers are recent:
The absence of recency checking could potentially allow replaying of old proofs if the blockhash oracle were to be compromised after deployment.
If deployed without addressing this finding, there could be potential risk of price manipulation:
If exploited after deployment, an attacker might be able to manipulate price parameters to create arbitrage opportunities
Based on a hypothetical scenario with $10M liquidity in affected pools, the potential impact could be significant
In a worst-case scenario, incorrect liquidations in lending protocols using the oracle could have cascading effects
Could potentially affect the security guarantees of the Storage Proofs protocol
Might create risk for protocols relying on consistent pricing
Appears to diverge from best practices for cross-chain oracle security
We believe this finding warrants a HIGH severity classification based on:
It relates to a critical security component (verification of state proofs)
It could potentially be exploitable under certain conditions
The potential impact could be significant if deployed without modifications
If deployed without modifications, a potential attacker might:
Monitor the blockhash oracle for vulnerabilities or operational issues
Prepare manipulated price parameters that would be profitable when used
Store historical state proofs from Ethereum blocks for potential replay
A hypothetical attack path might involve:
Waiting for (or causing) oracle maintenance, upgrades, or malfunctions
Submitting carefully crafted proofs that validate against incorrect state roots
Executing trades using any resulting price discrepancies
Potentially extracting value before the issue is detected
We respectfully suggest considering the following improvements before deployment:
Block Recency Validation - A straightforward enhancement with significant security benefits
Multi-Oracle Consensus - Consider implementing state root validation across multiple sources
Parameter Change Circuit Breakers - Consider adding thresholds for maximum parameter changes
Rate Limiting on Parameter Changes
Time-based rate limiting for consecutive updates
Maximum change thresholds for critical parameters
Additional verification for changes exceeding thresholds
Time-Bounded Proof Validation
Maximum age for proofs (e.g., 24 hours)
Stricter recency requirements for high-value parameters
Time-weighted verification approaches
Monitoring System
Blockhash oracle performance monitoring
Alerts for unusual parameter changes
Health checks for cross-chain verification system
We believe implementing these suggestions would significantly enhance the security posture of the Curve Storage Proofs protocol before deployment and align with industry best practices for secure cross-chain state verification.
- See [here]([https://github.com/CodeHawks-Contests/2025-03-curve?tab=readme-ov-file#blockhash-oracle)](https://github.com/CodeHawks-Contests/2025-03-curve?tab=readme-ov-file#blockhash-oracle) on how it is used to verify storage variable - All state roots and proofs must be verified by the OOS `StateProofVerifier` inherited as `Verifier` (where the price values and params are extracted), so there is no proof that manipulating timestamp/inputs can affect a price update - It is assumed that the OOS prover will provide accurate data and the OOS verifier will verify the prices/max unlock time to be within an appropriate bound/values - There is a account existance check in L96 of `ScrvusdVerifierV1.sol`, in which the params for price updates are extracted from
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.