Storage Proofs

Curve

DeFiLayer 1Layer 2

14,723 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Missing Validation in `set_max_price_increment`

princekay

Description

The set_max_price_increment function lacks validation to ensure that the maximum price increment is less than StableSwap's minimum fee. This could lead to price manipulation if the maximum price increment is set too high.

Affected Code

https://github.com/CodeHawks-Contests/2025-03-curve/blob/198820f0c30d5080f75073243677ff716429dbfd/contracts/scrvusd/oracles/ScrvusdOracleV2.vy#L357-L371

@external

def set_max_price_increment(_max_price_increment: uint256):

"""

@notice Set maximum price increment of scrvUSD.

Must be less than StableSwap's minimum fee.

fee / (2 * block_time) is considered to be safe.

@param _max_price_increment Maximum acceleration (per sec)

"""

access_control._check_role(access_control.DEFAULT_ADMIN_ROLE, msg.sender)

# @audit no check to ensure it is less than StableSwap's minimum fee

assert 10**8 <= _max_price_increment and _max_price_increment <= 10**18

self.max_price_increment = _max_price_increment

log SetMaxPriceIncrement(_max_price_increment)

Vulnerability Details

The function currently only validates that _max_price_increment is between 10**8 and 10**18, which is an extremely wide range. If _max_price_increment is set too high (but still within these bounds), the oracle could allow price movements that exceed StableSwap's minimum fee threshold.

This creates a fundamental economic vulnerability in the system. When price movements exceed the StableSwap fee, arbitrageurs can profit by trading against the price discrepancy, extracting value from the protocol. The relationship between maximum price movement and swap fees is critical for protocol security.

While this issue requires admin privileges to exploit directly, it represents a significant protocol parameter risk. Even an accidental misconfiguration by a privileged user could lead to sustained value extraction by arbitrageurs, potentially depleting liquidity pools over time.

Tools Used

Manual Review

Recommended Mitigation Steps

Add validation to ensure the maximum price increment is less than StableSwap's minimum fee:

assert _max_price_increment < STABLESWAP_MIN_FEE, "Max price increment too high"

Updates

Lead Judging Commences

0xnevi Lead Judge

3 months ago

0xnevi Lead Judge 3 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

14,723 OP

Eagles

1,472 OP

nSLOC

394

37 OP / LOC

High Medium

12,700

Low

551

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.