The current implementation of the _obtain_price_params function only updates the unlock date based on the number of complete periods that have elapsed. Any extra time that does not form a full period is completely ignored. This design flaw leads to an inaccurate calculation of the profit unlocking parameters in a dynamic market environment, resulting in incorrect Oracle pricing.
The vulnerability lies in the fact that the _obtain_price_params function computes the number of full periods that have passed using the expression:
https://github.com/CodeHawks-Contests/2025-03-curve/blob/198820f0c30d5080f75073243677ff716429dbfd/contracts/scrvusd/oracles/ScrvusdOracleV2.vy#L249-L252
and then updates the profit unlocking parameters by adding:
https://github.com/CodeHawks-Contests/2025-03-curve/blob/198820f0c30d5080f75073243677ff716429dbfd/contracts/scrvusd/oracles/ScrvusdOracleV2.vy#L279-L280
This means that any extra time beyond these complete periods (the remainder of the elapsed time after dividing by the period length) is ignored. The design assumes that the parameters remain constant for that leftover time, an assumption that does not hold in a dynamic market where conditions change continuously.
Due to this flaw, the Oracle may calculate profit unlocking parameters that do not accurately reflect the actual market state, leading to an Oracle price that is out of sync with real market conditions. This mispricing can adversely affect downstream protocols that depend on the Oracle for accurate pricing data, exposing them to financial risk and potential exploitation during periods of high market volatility.
Manual Code Review
Modify the _obtain_price_params function to account for the extra time beyond complete periods rather than ignoring it. A more granular or continuous model for updating the profit unlocking parameters should be implemented to better reflect real-time market changes.
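As an added illustration of the period arithmetic this finding describes and of the finer-grained accounting the recommendation asks for, the following Python model is constructed for this write-up and is not code from ScrvusdOracleV2.vy; PERIOD, MAX_PERIODS, the Roll fields and the linear-unlock assumption in partial_period_unlocked are all assumptions of the example.

```python
from dataclasses import dataclass

PERIOD = 7 * 24 * 3600   # assumed profit_max_unlock_time: one week (constructed value)
MAX_PERIODS = 30         # assumed cap on how many periods are rolled forward at once


@dataclass
class Roll:
    periods: int                  # complete periods counted by the floor division
    last_profit_update: int       # date after adding periods * PERIOD
    full_profit_unlock_date: int  # unlock date after adding periods * PERIOD
    ignored_seconds: int          # elapsed time that the whole-period roll drops


def roll_full_periods(last_update: int, unlock_date: int, ts: int) -> Roll:
    """Whole-period roll as the finding describes it: number_of_periods is the
    floor of elapsed / PERIOD (capped), both dates advance by exactly that many
    periods, and the remainder is not carried anywhere."""
    elapsed = ts - last_update
    n = min(elapsed // PERIOD, MAX_PERIODS)
    return Roll(n, last_update + n * PERIOD, unlock_date + n * PERIOD,
                elapsed - n * PERIOD)


def partial_period_unlocked(locked_shares: int, roll: Roll) -> int:
    """Finer-grained variant in the spirit of the recommendation (an assumption
    of this model, not the contract's logic): treat profit as unlocking linearly
    across the current period, so the dropped seconds release a proportional
    slice of the shares still locked at the rolled last_profit_update."""
    return locked_shares * roll.ignored_seconds // PERIOD


def demo(locked_shares: int = 1_000_000) -> tuple[Roll, int]:
    # Constructed scenario: last roll at t=1_000_000, oracle queried 2.5 periods later.
    last_update = 1_000_000
    ts = last_update + 2 * PERIOD + PERIOD // 2
    roll = roll_full_periods(last_update, last_update + PERIOD, ts)
    # Conservation check a reviewer can assert when the cap is not hit:
    # the rolled date plus the dropped seconds must land exactly on ts.
    assert roll.last_profit_update + roll.ignored_seconds == ts
    return roll, partial_period_unlocked(locked_shares, roll)


if __name__ == "__main__":
    r, extra = demo()
    print(f"periods={r.periods} ignored={r.ignored_seconds}s; "
          f"a linear model would additionally unlock {extra} shares")
```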