The oracle update mechanism does not clearly include protection against replay attacks: an old but still valid state proof can be resubmitted to roll the oracle price back to a stale state. The attack path is moderately feasible.
- The verifier functions (in both Verifier V1 and V2) do not appear to bind a nonce or other unique identifier to a state proof submission, so nothing prevents an attacker from resubmitting a proof that was already accepted.
- Replaying an old state proof could make the oracle update with outdated vault parameters, effectively rolling back the scrvUSD price.
Without a nonce or unique identifier to prevent reuse, the update mechanism accepts a replayed proof as if it were fresh. This can force the price feed back to outdated data, albeit under moderate exploitation conditions.
An attacker resubmits a previously accepted state proof to revert the oracle price to a stale state. In this PoC the attacker replays old proofs, the oracle updates with the outdated vault parameters they carry, and the reported price becomes incorrect.
- Replayed proofs could force the oracle back to outdated price data, creating exploitable windows for arbitrage.
- Users and liquidity providers would be harmed by inaccurate, stale pricing, undermining system integrity.
Tools used:
- Manual code review
- Cross-reference with the Solodit Checklist for replay protection measures
- ChatGPT o3-mini-high
- Implement a replay protection mechanism (e.g. a nonce or unique proof identifier) that is stored on-chain and checked before any state proof is processed.
- Ensure that each proof can be used only once and that a replayed proof is rejected based on its nonce or timestamp.
- Augment the existing block number or timestamp checks to further guard against reuse of outdated proofs. Since a state proof attests to Ethereum state at a specific block, the simplest form of this check is to store the block number of the last accepted proof and reject any submission for an equal or older block; one stored value then rejects both an exact replay and a stale-but-valid proof.
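The replay described in this finding and the block-number check recommended above, modelled in Python as an added example (not the project's own oracle code and not part of this submission): `NaiveOracle` applies any verified proof and can be rolled back, while `MonotonicOracle` stores the block number of the last accepted proof and rejects anything that is not strictly newer. `StateProof`, its two vault parameters, the assets/supply price formula and the block numbers are constructed assumptions, not the project's actual parameter set.

```python
from dataclasses import dataclass

PRECISION = 10**18  # price scaled to 18 decimals, a stand-in for the oracle's unit


@dataclass(frozen=True)
class StateProof:
    """Constructed stand-in for an already-verified state proof.

    A real proof carries an RLP-encoded Merkle-Patricia proof of vault storage;
    here it is reduced to the block it attests to and two simplified vault
    parameters (assumptions, not the project's actual parameter set).
    """
    block_number: int
    total_assets: int
    total_supply: int


class ReplayError(Exception):
    """Raised when a proof is not newer than the last accepted one."""


def price_from_params(proof: StateProof) -> int:
    """Simplified per-share price: assets / supply, scaled by PRECISION."""
    return proof.total_assets * PRECISION // proof.total_supply


class NaiveOracle:
    """Update path with no freshness check: the weakness the finding describes.

    Any proof that passes verification is applied, so an old proof can be
    resubmitted and the price rolls back to the parameters it contains.
    """

    def __init__(self) -> None:
        self.price = PRECISION

    def update_price(self, proof: StateProof) -> int:
        self.price = price_from_params(proof)
        return self.price


class MonotonicOracle:
    """Hardened update path: the proven block number is the unique identifier.

    The last accepted block number is kept in storage and every submission
    must attest to a strictly newer block. An exact replay has the same block
    number and is rejected; a stale-but-valid proof has an older one and is
    rejected too, so no separate nonce or consumed-proof set is needed.
    """

    def __init__(self) -> None:
        self.price = PRECISION
        self.last_block_number = 0

    def update_price(self, proof: StateProof) -> int:
        if proof.block_number <= self.last_block_number:
            raise ReplayError(
                f"proof for block {proof.block_number} is not newer than "
                f"last accepted block {self.last_block_number}"
            )
        self.last_block_number = proof.block_number
        self.price = price_from_params(proof)
        return self.price


def replay_scenario(oracle) -> tuple[list[int], int]:
    """Submit a block-100 proof, a block-200 proof, then replay the block-100 proof.

    Returns the oracle price observed after each submission and the number of
    submissions that were rejected. The proofs are constructed sample input.
    """
    old = StateProof(block_number=100, total_assets=1_050_000, total_supply=1_000_000)
    new = StateProof(block_number=200, total_assets=1_100_000, total_supply=1_000_000)
    observed, rejected = [], 0
    for proof in (old, new, old):
        try:
            oracle.update_price(proof)
        except ReplayError:
            rejected += 1
        observed.append(oracle.price)
    return observed, rejected


if __name__ == "__main__":
    print("naive    :", replay_scenario(NaiveOracle()))
    print("monotonic:", replay_scenario(MonotonicOracle()))
```

The comparison in `update_price` is deliberately `<=` rather than `<`: a second submission of the same proof attests to the same block, and that equality is exactly the replay case. The check assumes the proof's block number is itself verified against a trusted block hash before this point, which is what makes the stored value a trustworthy high-water mark.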
- All proofs generated within `_proof_rlp` are generated via the off-chain prover, so there is no concrete proof that these proofs are non-unique.
- All state roots and proofs must be verified by the OOS `StateProofVerifier` inherited as `Verifier`, so there is no proof that manipulating proofs can successfully pass a price update.