Storage Proofs

Curve

DeFiLayer 1Layer 2

14,723 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Erroneous double hashing of the mapping slot (such as balanceOf(self))

libaier1997

Summary

The contract ScrvusdVerifierV1 contains an error in computing storage slot hashes for mapping-type slots in the _extractParametersFromProof function. Specifically, the storage position for mapping-type slots (e.g., balanceOf(address)) has already been correctly computed in the storage definition, yet the extractSlotValueFromProof function call incorrectly performs an extra hashing operation, causing an incorrect slot position computation:

/// @dev Extract parameters from the state proof using the given state root.

function _extractParametersFromProof(

bytes32 stateRoot,// blockNumber

bytes memory proofRlp

) internal view returns (uint256[PARAM_CNT] memory) {

........

// Extract slot values

uint256[PARAM_CNT] memory params;

for (uint256 i = 1; i < PROOF_CNT; i++) {

Verifier.SlotValue memory slot = Verifier.extractSlotValueFromProof(

keccak256(abi.encode(PARAM_SLOTS[i])),//<-@ extra hashing operation

account.storageRoot,

proofs[i].toList()

);

// Slots might not exist, but typically we just read them.

params[i - 1] = slot.value;

}

return params;

}

For the mapping slots, the position was already pre-hashed correctly:

// Storage slots of parameters

uint256[PROOF_CNT] internal PARAM_SLOTS = [

uint256(0), // filler for account proof

uint256(21), // total_debt

uint256(22), // total_idle

uint256(20), // totalSupply

uint256(38), // full_profit_unlock_date

uint256(39), // profit_unlocking_rate

uint256(40), // last_profit_update

uint256(keccak256(abi.encode(18, SCRVUSD))) // <-@ For the mapping slots, the position was already pre-hashed correctly

];

Applying an additional hash is incorrect and it creates an inconsistency with the expected behavior.

Vulnerability Details

Root Cause：The contract does not differentiate clearly between static and mapping slots. Although static slots must be hashed once during verification, the mapping-type slots have been hashed correctly beforehand and must not be hashed again. The incorrect additional hashing of the mapping slot leads to an incorrect storage slot calculation, resulting in a failure to verify the state proof properly.

Impact

This vulnerability causes the contract to incorrectly verify or fail to verify real data stored in mapping slots (balanceOf(self)).

Tools Used

N/A

Recommendations

Explicitly distinguish between static and mapping storage slots by modifying the verification logic to correctly handle hashing

Updates

Lead Judging Commences

0xnevi Lead Judge

3 months ago

0xnevi Lead Judge 3 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

[invalid] finding-storage-key-compute-wrong

See primary comments in issue #23

Prize pool breakdown

Total prize

14,723 OP

Eagles

1,472 OP

nSLOC

394

37 OP / LOC

High Medium

12,700

Low

551

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.