Storage Proofs
Curve
DeFiLayer 1Layer 2
14,723 OP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Timestamp Validation

ngochungp295

Summary

The update_price function accepts future timestamps (_ts), corrupting price calculations.

Vulnerability Details

ScrvusdOracleV2.vy

@external
def update_price(
_parameters: uint256[ALL_PARAM_CNT], _ts: uint256, _block_number: uint256):
# No check for _ts <= block.timestamp

In update_price, the _ts is not checked against the current time. A malicious prover could submit a future timestamp, making price_params_ts incorrect. Need to add require(_ts <= block.timestamp).

If _ts is future, the price_params_ts would be incorrect. That could allow a prover to submit future timestamps, affecting price calculations

Impact

Low:

Provers can submit future timestamps, distorting historical price data.

Tools Used

Recommendations

Add validation:

assert _ts <= block.timestamp, "Invalid timestamp"
Updates

Lead Judging Commences

0xnevi Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

[invalid] finding-missing-proof-content-validation

- See [here]([https://github.com/CodeHawks-Contests/2025-03-curve?tab=readme-ov-file#blockhash-oracle)](https://github.com/CodeHawks-Contests/2025-03-curve?tab=readme-ov-file#blockhash-oracle) on how it is used to verify storage variable - All state roots and proofs must be verified by the OOS `StateProofVerifier` inherited as `Verifier` (where the price values and params are extracted), so there is no proof that manipulating timestamp/inputs can affect a price update - It is assumed that the OOS prover will provide accurate data and the OOS verifier will verify the prices/max unlock time to be within an appropriate bound/values - There is a account existance check in L96 of `ScrvusdVerifierV1.sol`, in which the params for price updates are extracted from

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.