Contract: contracts/scrvusd/oracles/ScrvusdOracleV2.vy
Functions: _obtain_price_params, update_price
The update_price function in ScrvusdOracleV2.vy
relies on a timestamp (parameters_ts) and a value (params.last_profit_update) obtained from a state proof of the scrvUSD vault on Ethereum mainnet. Due to delays in data synchronization and potential clock inaccuracies, it's possible for params.last_profit_update to be greater than parameters_ts.
Since the Vyper version is 0.4.0 which uses Solidity 0.8.18 compiler, if parameters_ts - params.last_profit_update results in underflow, the assertion parameters_ts >= params.last_profit_update will trigger a revert.
This results in a denial of service(DoS) because the price feed will not be updated.
POC
Test Scenario:
Deploy the Vyper contract.
Call setup with _last_profit_update set to a future timestamp relative to the current block (e.g., block.timestamp + 7200 (2 hours)).
Call update_price with parameters_ts = block.timestamp.
Observe that the transaction reverts because the condition parameters_ts >= params.last_profit_update fails.
Denial-of-Service (DoS): The update_price function will revert if params.last_profit_update > parameters_ts, preventing the oracle from updating.
Stale Price Feed: An outdated price feed will cause inaccurate swaps in the stableswap pool, potential arbitrage by external parties, and loss of confidence in the system.
Manual review
Check and Adjust Timestamp:
Modify the update_price function to check if params.last_profit_update > parameters_ts before performing any calculations.
If params.last_profit_update is greater, adjust parameters_ts to be equal to params.last_profit_update to prevent the revert and ensure forward progress.
This makes the timestamp for this sidechain adjust to whatever the timestamp is on the mainchain oracle.
This issues and duplicates are very similar to reasonings highlighted in issue #11. The timestamp variables are extracted and verified via the OOS `StateProofVerifier` contract inherited as `Verifier`. There is simply no concrete proof that the verifier allowed such an underflow to occur, representing stale price value updates.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.