DeFiLayer 1Layer 2
14,723 OP
View results
Submission Details
Severity: medium
Invalid

Potential Replay Attack on Oracle Updates

Summary

The current design of the oracle update mechanism does not clearly indicate a protection against replay attacks, allowing the possibility of reusing an old, valid state proof to revert the oracle price to a stale state. Replay of an old valid proof could revert the price feed; the attack path is moderately feasible.

Vulnerability Details

-The verifier functions (in both Verifier V1 and V2) do not appear to incorporate a nonce or unique identifier within the state proof submission, which would prevent an attacker from replaying a previously valid proof.

-Replaying an old state proof might cause the oracle to update with outdated vault parameters, effectively “rolling back” the scrvUSD price.

Elaboration

Without a nonce or unique identifier to prevent reuse, the oracle update mechanism is susceptible to replaying an old (but valid) state proof. This can force the price feed to revert to outdated data, albeit under moderate exploitation conditions.​

Proof of Concept (PoC):

An attacker replays a previously valid state proof to revert the oracle price to a stale state.​

// Previously valid RLP-encoded block header and state proof
bytes memory oldBlockHeaderRLP = /* captured old RLP-encoded block header */;
bytes memory oldStateProofRLP = /* captured old RLP-encoded state proof */;
// Attacker replays the old proofs
scrvusdVerifierV1.verifyScrvusdByBlockHash(oldBlockHeaderRLP, oldStateProofRLP);

In this PoC, the attacker replays old proofs, causing the oracle to update with outdated vault parameters, leading to incorrect pricing.

Impact

-Replayed proofs could force the oracle to revert to outdated price data, creating exploitable windows for arbitrage.

-Users and liquidity providers would be adversely affected by inaccurate and stale pricing information, undermining system integrity.

Tools Used

-Manual Code Review

-Cross-reference with the Solodit Checklist for replay protection measures

-Chat GPT o3-mini-high

Recommendations

-Implement a replay protection mechanism (e.g. a nonce or unique proof identifier) that is stored on-chain and checked before processing any state proof.

-Ensure that each proof can only be used once and that any replayed proofs are rejected based on their associated nonce or timestamp.

-Augment the existing block number or timestamp checks to further safeguard against the reuse of outdated proofs.

Updates

Lead Judging Commences

0xnevi Lead Judge
3 months ago
0xnevi Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

[invalid] finding-replay-proof-lack-nonce

- All proof generated within `_proof_rlp` is generated via the off-chain prover, so there is no concrete proof that this proofs are non-unique. - All state roots and proofs must be verified by the OOS `StateProofVerifier` inherited as `Verifier`, so there is no proof that manipulating proofs can successfully pass a price update

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.