Storage Proofs

Curve

DeFiLayer 1Layer 2

14,723 OP

View results

Previous Next

Submission Details

Severity: low

Invalid

Misuse of Immutable Variable Access in ScrvusdVerifierV2

denisturgenev2021

Summary

In ScrvusdVerifierV2, the contract references the immutable variable BLOCK_HASH_ORACLE from ScrvusdVerifierV1 using the contract name (ScrvusdVerifierV1.BLOCK_HASH_ORACLE). While this approach is valid and compiles, it is not recommended because immutable variables belong to contract instances rather than the contract type. This could lead to confusion and maintainability issues when working with multiple instances or future contract upgrades.

Vulnerability Details

The contract accesses an immutable variable like this:

block_header.hash == IBlockHashOracle(ScrvusdVerifierV1.BLOCK_HASH_ORACLE).get_block_hash(block_header.number);

Immutable variables are assigned at deployment and are tied to a specific contract instance.

Using ScrvusdVerifierV1.BLOCK_HASH_ORACLE implies a contract-level access pattern, which does not align with how immutable variables work.

This can create confusion when debugging or maintaining the contract, as ScrvusdVerifierV1 is not an active instance.

Recommendations

Instead of referencing ScrvusdVerifierV1.BLOCK_HASH_ORACLE, access the immutable variable directly in ScrvusdVerifierV2:

block_header.hash == IBlockHashOracle(BLOCK_HASH_ORACLE).get_block_hash(block_header.number);

Updates

Lead Judging Commences

0xnevi Lead Judge 2 months ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Assigned finding tags:

[invalid] finding-upgradeable-verifier-contracts

Invalid, - srCRVUSD is a minimal proxy, meaning it can never by upgraded, see [here](https://www.cyfrin.io/blog/upgradeable-proxy-smart-contract-pattern#:~:text=Minimal%20proxies%20are%20distinct%20from,provide%20upgrade%20or%20authorization%20functionality.) and [here](https://www.rareskills.io/post/eip-1167-minimal-proxy-standard-with-initialization-clone-pattern) for more info. - Even if srcrvUSD is migrated in the future via a new minimal proxy contract deployment (which is highly unlikely), the verifier contracts can be migrated along with it via revoking the access-control within the `ScrvusdOracleV2.vy` and then granting access to a new oracle. This is also not within the scope of this contest.

Prize pool breakdown

Total prize

14,723 OP

Eagles

1,472 OP

nSLOC

394

37 OP / LOC

High Medium

12,700

Low

551

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.