Storage Proofs

Summary

The scrvUSD oracle’s v2 price model assumes that crvUSD-denominated rewards remain constant across future periods to predict scrvUSD prices in stableswap-ng pools. If actual rewards decline(due to market conditions), the oracle overestimates scrvUSD prices. This mispricing leads to imbalanced trades, enabling arbitrageurs to profit by selling overvalued scrvUSD, which harms liquidity providers (LPs) through asset depletion and losses.

Vulnerability Details

The scrvUSD oracle’s v2 price model, implemented in ScrvusdOracleV2.vy, relies on a key assumption:

• gain: Represents the assumed reward per period.

• number_of_periods: The number of future periods projected, limited by max_v2_duration

This calculation updates params.total_idle to simulate future vault states, feeding into the price_v2 output used by pools. But if crvUSD rewards drop (e.g., due to reduced protocol revenue, Reduced demand or yield opportunities lower rewards), total_idle is overstated, inflating the price.

code: https://github.com/CodeHawks-Contests/2025-03-curve/blob/198820f0c30d5080f75073243677ff716429dbfd/contracts/scrvusd/oracles/ScrvusdOracleV2.vy#L254-L258

Impact

The failure of the v2 reward assumption has significant effects: Oracle Overestimation( The oracle outputs a price_v2 higher than scrvUSD’s true value, misleading pools )

Pool Imbalance( Overvalued scrvUSD prices incentivize traders to swap scrvUSD for stablecoins), LP Losses: LPs hold devalued scrvUSD as arbitrageurs profit.

-> This is an economic model risk

Tools Used

Economic Analysis: Evaluated how reward assumption failures affect price accuracy and pool economics.

Recommendations

Real-Time Monitoring:

• Deploy tools to compare actual rewards against projected gain, triggering alerts if discrepancies grow significant.

• Use alerts to adapt oracle parameters or disable v2.