Storage Proofs

Summary

The functions verifyScrvusdByBlockHash and verifyScrvusdByStateRoot allow any external account to submit state proofs and update the scrvUSD price. This creates a risk where an attacker could submit manipulated or outdated proofs to affect price calculations.

Vulnerability Details

• The contract does not enforce access control on verifyScrvusdByBlockHash and verifyScrvusdByStateRoot. Any address can call these functions to update the oracle.

• An attacker could craft an outdated state proof and pass it to the contract, causing incorrect price updates.

• If an attacker gains temporary control over a verifier node that provides state proofs, they could manipulate proof data to affect price calculations.

• There is no mechanism to verify that the submitted proof comes from a trusted source beyond the state root check.

Impact

• A malicious actor could submit an outdated or manipulated proof, affecting the oracle’s price accuracy.

• This could lead to price manipulation, where an attacker artificially inflates or deflates the scrvUSD price.

• StableSwap pools relying on this oracle could experience incorrect pricing, resulting in financial loss for users.

• If exploited at scale, this could destabilize the entire scrvUSD ecosystem, affecting lending, borrowing, and liquidity provisioning.

Tools Used

Manualy

Recommendations

• Implement an access control mechanism to restrict price updates to a trusted set of verifiers.

• Introduce signature-based validation where only cryptographically verified entities can submit state proofs.

• Add time constraints on proof submission, ensuring that outdated block headers cannot be used.

• Cross-check the provided state root and block hash against multiple independent sources to verify authenticity before updating the price.