Storage Proofs

Curve

DeFiLayer 1Layer 2

14,723 OP

View results

Previous Next

Submission Details

Severity: high

Invalid

No State Reentrancy protection

zaa

Summary

The critical point is when the contract calls back to the attacker "Before state updates" - this is where the vulnerability occurs, as the attacker can reenter the contract before the state changes are committed.

Vulnerability Details

The vulnerability lies in the update_price function where state updates occur after external calls.

@external

def update_price(

_parameters: uint256[ALL_PARAM_CNT],

_ts: uint256,

_block_number: uint256

) -> uint256:

# 1. Price calculations happen here

# 2. State updates occur AFTER external calls

self.price_params = PriceParams(...) # First state update

self.last_block_number = _block_number # Second state update

self.last_update = block.timestamp # Third state update

# 3. External calls happen AFTER state updates

emit PriceUpdate(new_price, _ts, _block_number)

return price_change

Impact

Can lead to minipulation of critical price parameters.
Allows atackers to influence oracle price calculations.
Potentially impacts user funds accross the ecosystem.

Tools Used

Manual review

Recommendations

Security enhancements and State protection

@view

def _check_price_validity(new_price: uint256, current_price: uint256) -> bool:

# Add price validation logic

max_change: uint256 = self.max_price_increment * (block.timestamp - self.last_update) * current_price // 10**18

return abs(new_price - current_price) <= max_change

@external

def update_price(

_parameters: uint256[ALL_PARAM_CNT],

_ts: uint256,

_block_number: uint256

) -> uint256:

# Add reentrancy protection

require(self.last_block_number <= _block_number, "Outdated")

require(_check_price_validity(new_price, current_price), "Invalid price change")

# ... existing implementation ...

@external

def update_profit_max_unlock_time(

_profit_max_unlock_time: uint256,

_block_number: uint256

) -> bool:

require(self.last_block_number <= _block_number, "Outdated")

require(_profit_max_unlock_time >= 7 * 86400, "Unlock time too short") # Minimum 1 week

# ... existing implementation ...

Updates

Lead Judging Commences

0xnevi Lead Judge

6 months ago

0xnevi Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

14,723 OP

Eagles

1,472 OP

nSLOC

394

37 OP / LOC

High Medium

12,700

Low

551

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.