Severity: High
Category: Input Validation
Impact: Price manipulation through stale state roots
Likelihood: High - easily exploitable with minimal resources
Contract: ScrvusdVerifierV1
Functions: verifyScrvusdByStateRoot, verifyScrvusdByBlockHash
Lines: 74-84
The contract violates a core requirement from the README: "can be updated frequently with a mainnet blockhash that is no older than, say, 30 minutes". There are no checks to ensure state roots or block hashes are recent.
Attack scenario:
1. Attacker identifies historical block with favorable price parameters
2. Submits proof from old block through verifyScrvusdByStateRoot
3. Oracle updates with stale price data
4. Attacker exploits price difference in StableSwap pools
Recommendations:
- Implement exponential backoff for older blocks
- Add minimum number of confirmations requirement
- Cache recent valid block numbers
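One way to enforce the README's 30-minute bound together with a cached last-accepted block number, as an added example that is not code from ScrvusdVerifierV1 or the project. Every name below is hypothetical, the 5-minute skew tolerance is an assumed value, and the sketch assumes the caller passes a block number and timestamp taken from a mainnet header that has already been authenticated against the trusted block hash.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration only; not part of ScrvusdVerifierV1. All identifiers are hypothetical.
abstract contract FreshnessGuard {
    /// Maximum accepted age of the proven mainnet block (README: "say, 30 minutes").
    uint256 public constant MAX_BLOCK_AGE = 30 minutes;
    /// Assumed tolerance for clock drift between mainnet and the chain running the verifier.
    uint256 public constant MAX_FUTURE_SKEW = 5 minutes;

    /// Highest mainnet block number accepted so far (the "cache" of recent valid blocks).
    uint256 public lastVerifiedBlock;

    error NonIncreasingBlock(uint256 blockNumber, uint256 lastAccepted);
    error FutureBlock(uint256 blockTimestamp, uint256 localTimestamp);
    error StaleBlock(uint256 blockTimestamp, uint256 localTimestamp);

    /// Call after the header is authenticated and before any price parameters
    /// extracted from the proof are forwarded to the oracle.
    function _checkFreshness(uint256 blockNumber, uint256 blockTimestamp) internal {
        // Reject replays and rollbacks: each accepted proof must come from a
        // strictly newer block than the previous one.
        if (blockNumber <= lastVerifiedBlock) {
            revert NonIncreasingBlock(blockNumber, lastVerifiedBlock);
        }
        // A header timestamp far ahead of local time cannot be trusted as
        // evidence of freshness.
        if (blockTimestamp > block.timestamp + MAX_FUTURE_SKEW) {
            revert FutureBlock(blockTimestamp, block.timestamp);
        }
        // Reject blocks older than the allowed window. Written as an addition
        // so the comparison cannot underflow.
        if (blockTimestamp + MAX_BLOCK_AGE < block.timestamp) {
            revert StaleBlock(blockTimestamp, block.timestamp);
        }
        lastVerifiedBlock = blockNumber;
    }
}
```

The monotonic check alone stops an older block from overwriting newer data; the age check additionally bounds how old the first accepted proof after a quiet period may be.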
Impact: High
- Direct violation of core requirement
- Enables price manipulation
- Affects all dependent StableSwap pools
- Could lead to significant financial losses

Likelihood: High
- No specialized tools needed
- Easy to find favorable historical blocks
- Simple to execute with minimal resources
- No complex preconditions required