Submission Details
Severity: high
Invalid

Improper Initialization and Access Control Misconfiguration

Summary

The oracle and verifier contracts rely on a Snekmate-based access control module to guard critical functions. If role initialization or role transfer is misconfigured during deployment, unauthorized parties could gain access to those functions. Misconfiguration of critical roles therefore allows unauthorized access to sensitive functions and poses a significant risk to funds.

Vulnerability Details

- Functions such as update_price, set_max_price_increment, and set_prover are restricted by roles.

- If the contract initialization does not securely assign the PRICE_PARAMETERS_VERIFIER and other critical roles, or if these roles can be transferred without proper safeguards (for example, lacking multi-signature or timelock protection), then an attacker could exploit these functions.

- Edge cases during deployment or role reconfiguration may leave critical functions unprotected.

Elaboration

Misconfiguration during contract initialization or role transfers could leave sensitive functions unprotected, allowing unauthorized access.

Proof of Concept (PoC):

An attacker exploits a misconfigured access control to call a sensitive function without proper authorization.

// Attacker calls a sensitive function due to misconfigured access control
scrvusdOracleV2.set_max_price_increment(10**18); // Unauthorized access

In this PoC, the attacker successfully calls the set_max_price_increment function due to improper access control settings, leading to potential manipulation of the oracle's pricing logic.

Impact

- Unauthorized access could allow an attacker to manipulate the scrvUSD price feed or adjust key parameters arbitrarily, undermining the system's integrity.

- Such a breach could result in severe financial losses across cross-chain liquidity pools and erode trust in the protocol.

Tools Used

- Manual Code Review

- Comparison with Solodit Checklist items on access control, initialization, and role management

- ChatGPT o3-mini-high

Recommendations

- Ensure robust and atomic initialization routines that assign all critical roles securely to trusted addresses.

- Consider implementing multi-signature or timelock mechanisms for transferring or modifying critical roles.

- Perform periodic audits of role assignments and incorporate detailed event logging for all access control changes.
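As an added illustration of the third recommendation (this is example code written for this page, not part of the submission or the protocol's code base), the script below replays RoleGranted/RoleRevoked events to reconstruct the current role holders and then checks the invariants a post-deployment audit would enforce: every critical role has a holder, every holder is a trusted address, and DEFAULT_ADMIN_ROLE sits only with the expected timelock. The role identifiers, addresses and event log are constructed placeholders; the PROVER_ADMIN role is hypothetical.

```python
from dataclasses import dataclass

# Constructed placeholders: real role ids are bytes32 values read from the contract.
DEFAULT_ADMIN_ROLE = "0x00"
PRICE_PARAMETERS_VERIFIER = "0x01"
PROVER_ADMIN = "0x02"  # hypothetical role assumed to guard set_prover


@dataclass(frozen=True)
class RoleEvent:
    kind: str      # "RoleGranted" or "RoleRevoked", as emitted by the access-control module
    role: str
    account: str


def replay_roles(events):
    """Reconstruct the current holders of each role by replaying events in log order."""
    holders = {}
    for ev in events:
        members = holders.setdefault(ev.role, set())
        if ev.kind == "RoleGranted":
            members.add(ev.account)
        elif ev.kind == "RoleRevoked":
            members.discard(ev.account)
        else:
            raise ValueError(f"unknown event kind {ev.kind!r}")
    return holders


def audit_roles(holders, required_roles, trusted, admin_expected):
    """Return a list of findings; an empty list means the role configuration passes."""
    findings = []
    for role in required_roles:
        members = holders.get(role, set())
        if not members:
            findings.append(f"role {role} has no holder after initialization")
        for acct in sorted(members - trusted):
            findings.append(f"role {role} held by untrusted address {acct}")
    admins = holders.get(DEFAULT_ADMIN_ROLE, set())
    if admins != admin_expected:
        findings.append(f"DEFAULT_ADMIN_ROLE holders {sorted(admins)} != expected {sorted(admin_expected)}")
    return findings


# Constructed event log: the deployer kept admin instead of handing it to the timelock,
# the verifier role was also granted to an unknown account, and set_prover's role was never set.
EVENTS = [
    RoleEvent("RoleGranted", DEFAULT_ADMIN_ROLE, "0xDEPLOYER"),
    RoleEvent("RoleGranted", PRICE_PARAMETERS_VERIFIER, "0xVERIFIER"),
    RoleEvent("RoleGranted", PRICE_PARAMETERS_VERIFIER, "0xUNKNOWN"),
]
TRUSTED = {"0xTIMELOCK", "0xVERIFIER"}


def example():
    return audit_roles(replay_roles(EVENTS), [PRICE_PARAMETERS_VERIFIER, PROVER_ADMIN], TRUSTED, {"0xTIMELOCK"})
```

On a live deployment the same checks would run over the event log fetched from the chain, and the expected sets would come from the deployment plan.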

Updates

Lead Judging Commences

0xnevi Lead Judge
3 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
