Storage Proofs

Curve

DeFiLayer 1Layer 2

14,723 OP

View results

Previous Next

Submission Details

Severity: high

Invalid

Storage Slot Dependency in Verifier Contracts Leading to Oracle Failure

ngochungp295

Summary

The scrvUSD Oracle system relies on hardcoded storage slots to read critical parameters (e.g., total_debt, total_idle) from Ethereum’s scrvUSD vault. If the Ethereum contract’s storage layout changes (e.g., during an upgrade), Verifier contracts will read incorrect data from outdated slots,resulting in erroneous price outputs.

Vulnerability Details

The verifier contracts (ScrvusdVerifierV1.sol and ScrvusdVerifierV2.sol) use fixed storage slot indices to retrieve critical parameters from the scrvUSD contract on Ethereum.

ScrvusdVerifierV1.sol

// Storage slots of parameters

uint256[PROOF_CNT] internal PARAM_SLOTS = [

uint256(0), // filler for account proof

uint256(21), // total_debt

uint256(22), // total_idle

uint256(20), // totalSupply

uint256(38), // full_profit_unlock_date

uint256(39), // profit_unlocking_rate

uint256(40), // last_profit_update

uint256(keccak256(abi.encode(18, SCRVUSD))) // balanceOf(self)

];

ScrvusdVerifierV2.sol

uint256 internal PERIOD_SLOT = 37; // profit_max_unlock_time

Verifier contracts use fixed slot positions to fetch parameters (e.g., PARAM_SLOTS = [0, 21, 22, ...]). These slots are not dynamically mapped and assume Ethereum’s scrvUSD vault storage layout remains static.

Ethereum smart contracts, especially those using proxy patterns (e.g., UUPS or Transparent proxies), can undergo upgrades that alter their storage layout.

Example:
If total_debt moves from slot 21 to 22 during an upgrade, VerifierV1 will incorrectly read total_idle as total_debt

Or removal or reordering: Deleting or rearranging variables misaligns the expected slots.

code:

Impact

Oracle returns garbage values (e.g., total_assets = total_debt + total_idle becomes nonsensical).
StableSwap pools trade at incorrect prices, enabling arbitrageurs to drain LP funds.

-> Directly undermines the oracle’s core functionality.

Tools Used

Ethereum Storage Layout Analyzers: Compared slot assignments across scrvUSD versions.

Recommendations

Dynamic Slot Resolution: Investigate on-chain methods to dynamically determine slot locations (e.g., via contract metadata or introspection)

Or Storage Layout Monitoring: Automatically flag Ethereum contract upgrades and validate slot changes via governance alerts.

Updates

Lead Judging Commences

0xnevi Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Assigned finding tags:

[invalid] finding-upgradeable-verifier-contracts

Invalid, - srCRVUSD is a minimal proxy, meaning it can never by upgraded, see [here](https://www.cyfrin.io/blog/upgradeable-proxy-smart-contract-pattern#:~:text=Minimal%20proxies%20are%20distinct%20from,provide%20upgrade%20or%20authorization%20functionality.) and [here](https://www.rareskills.io/post/eip-1167-minimal-proxy-standard-with-initialization-clone-pattern) for more info. - Even if srcrvUSD is migrated in the future via a new minimal proxy contract deployment (which is highly unlikely), the verifier contracts can be migrated along with it via revoking the access-control within the `ScrvusdOracleV2.vy` and then granting access to a new oracle. This is also not within the scope of this contest.

Prize pool breakdown

Total prize

14,723 OP

Eagles

1,472 OP

nSLOC

394

37 OP / LOC

High Medium

12,700

Low

551

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.