Storage Proofs

Curve

DeFiLayer 1Layer 2

14,723 OP

View results

Previous Next

Submission Details

Severity: low

Invalid

Possible Minor Unlock Time Mismatch Affecting Price Accuracy

dan__vinci

Summary

The issue stems from profit_max_unlock_time not being properly constrained when updated. The system currently does not verify whether the new unlock time exceeds the expected remaining period, which could lead to an incorrect extension of the profit unlocking window.

The sponsor clarified that profit_max_unlock_time should not be greater than the allowed period, meaning the unlock time can decrease but must not increase beyond the predefined limit.

Imagine a scenario where an external agent verified newly increased unlock time before price parameters are updated this allows for an incorrect price retrieve by transaction that utilizes the oracle before the price parameters are updated

def update_profit_max_unlock_time(_profit_max_unlock_time: uint256, _block_number: uint256) -> bool:

"""

@notice Update price using `_parameters`

@param _profit_max_unlock_time New `profit_max_unlock_time` value

@param _block_number Block number of parameters to linearize updates

@return Boolean whether value changed

//@audit doesn't check if thr current parameters like last_profit_update and full-unlock-date satisfis the new unlock time

"""

access_control._check_role(UNLOCK_TIME_VERIFIER, msg.sender)

# Allowing same block updates for fixing bad blockhash provided (if possible)

assert self.last_block_number <= _block_number, "Outdated"

self.last_block_number = _block_number

prev_value: uint256 = self.profit_max_unlock_time

self.profit_max_unlock_time = _profit_max_unlock_time

return prev_value != _profit_max_unlock_time

Impact

The issue is that the parameters do not currently satisfy the unlock time, meaning that prices read before the params are updated might not be accurate. This can lead to a lower calculation of unlocked shares, affecting how profits are distributed.

Tools Used

Manual Review

Recommendations

Modify update_profit_max_unlock_time() to enforce the following condition:

assert _profit_max_unlock_time <= (self.price_params.full_profit_unlock_date - self.price_params.last_profit_update), "Unlock time too long"

Updates

Lead Judging Commences

0xnevi Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Assigned finding tags:

[invalid] finding-missing-proof-content-validation

- See [here]([https://github.com/CodeHawks-Contests/2025-03-curve?tab=readme-ov-file#blockhash-oracle)](https://github.com/CodeHawks-Contests/2025-03-curve?tab=readme-ov-file#blockhash-oracle) on how it is used to verify storage variable - All state roots and proofs must be verified by the OOS `StateProofVerifier` inherited as `Verifier` (where the price values and params are extracted), so there is no proof that manipulating timestamp/inputs can affect a price update - It is assumed that the OOS prover will provide accurate data and the OOS verifier will verify the prices/max unlock time to be within an appropriate bound/values - There is a account existance check in L96 of `ScrvusdVerifierV1.sol`, in which the params for price updates are extracted from

Prize pool breakdown

Total prize

14,723 OP

Eagles

1,472 OP

nSLOC

394

37 OP / LOC

High Medium

12,700

Low

551

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.