Submission Details
Severity: medium
Invalid

Hardcoded profit_max_unlock_time in scrvUSD Oracle

Summary

  • Hardcoded initialization of profit_max_unlock_time (1 week) in the scrvUSD Oracle.

  • If the scrvUSD Vault updates this parameter, the Oracle fails to sync, leading to inaccurate price calculations and protocol-wide risks.

Vulnerability Details

  • The Oracle initializes profit_max_unlock_time to 7 * 86400 (1 week) and does not update it dynamically.

  • The scrvUSD Vault may change this value (e.g., governance votes to adjust profit distribution speed), but the Oracle cannot detect or adapt to such changes.

  • This creates a mismatch between the Oracle’s assumptions and the Vault’s actual state.

self.profit_max_unlock_time = 7 * 86400 # Hardcoded value

Impact

  • If the profit_max_unlock_time is wrong, the oracle will calculate the price of scrvUSD incorrectly.

  • Manual Intervention Required:
    Admins must manually update the Oracle each time the Vault changes profit_max_unlock_time, introducing operational risk.

Tools Used

Manual Code Review

Recommendations

Make It Update Automatically:

  • Instead of having the profit_max_unlock_time be a fixed number, make the oracle get the correct number from the scrvUSD Vault.

  • The best way to do this is to use "state proofs." This is like getting a digital receipt that proves the number is correct.

  • Here's how it would work:

    • The oracle asks the scrvUSD Vault for the current profit_max_unlock_time.

    • The oracle checks the "digital receipt" to make sure the number is correct.

    • The oracle updates its own profit_max_unlock_time with the correct number.
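The verify-then-update flow in the recommendation above, as an added sketch; it is not code from the submission or from the scrvUSD project. It swaps in a binary SHA-256 Merkle tree for Ethereum's keccak256 Merkle-Patricia storage proofs, and `PROFIT_SLOT`, the `Oracle` class, the sample vault state and the way the trusted root reaches the oracle are all assumptions made for illustration.

```python
import hashlib

PROFIT_SLOT = 3  # hypothetical slot index, not the vault's real storage layout

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # stand-in for keccak256

def leaf(slot: int, value: int) -> bytes:
    # Domain-separate leaves (0x00) from inner nodes (0x01).
    return _h(b"\x00" + slot.to_bytes(32, "big") + value.to_bytes(32, "big"))

def build_levels(leaves):
    """Return every tree level, leaves first; leaf count must be a power of two."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([_h(b"\x01" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Collect (sibling_hash, sibling_is_left) pairs from the leaf up to the root."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(root: bytes, slot: int, value: int, proof) -> bool:
    acc = leaf(slot, value)
    for sibling, is_left in proof:
        acc = _h(b"\x01" + (sibling + acc if is_left else acc + sibling))
    return acc == root

class Oracle:
    def __init__(self, trusted_root: bytes):
        self.trusted_root = trusted_root         # assumed to arrive over a trusted channel
        self.profit_max_unlock_time = 7 * 86400  # initial value quoted in the report

    def update_profit_max_unlock_time(self, value: int, proof) -> None:
        # Reject any value that is not committed to by the trusted root.
        if not verify(self.trusted_root, PROFIT_SLOT, value, proof):
            raise ValueError("proof does not match trusted state root")
        self.profit_max_unlock_time = value

def demo():
    # Constructed vault state (slot -> value); slot 3 was changed to 3 days.
    state = {0: 1_000, 1: 2_000, 2: 42, PROFIT_SLOT: 3 * 86400}
    levels = build_levels([leaf(s, v) for s, v in sorted(state.items())])
    oracle = Oracle(trusted_root=levels[-1][0])
    proof = prove(levels, PROFIT_SLOT)
    oracle.update_profit_max_unlock_time(3 * 86400, proof)
    return oracle, proof
```
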

Updates

Lead Judging Commences

0xnevi Lead Judge
3 months ago
0xnevi Lead Judge 2 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
