The PARAM_SLOTS array contains hardcoded storage slot numbers.
Impact: If the storage layout of the SCRVUSD contract changes (e.g., due to an upgrade), the verifier will extract incorrect data, which could lead to severe price discrepancies and financial losses. This is a large maintenance risk.
- External Configuration: Consider storing the slot numbers in a configurable storage or in a separate configuration contract.
- Automated Verification: Implement automated tests to verify that the slot numbers match the actual storage layout of the SCRVUSD contract. This should be part of the continuous integration process.
- Documentation: Maintain extremely clear and up-to-date documentation regarding the slot numbers and their corresponding parameters.
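One way to implement the "Automated Verification" recommendation above, as an added example that is not part of the finding or of the Curve code base: a CI check that compares the verifier's hardcoded slot table against the storage layout emitted by the compiler. The layout JSON, the variable names and the slot numbers below are constructed for illustration (in the shape of `vyper -f layout` output), not the real scrvUSD layout or the real `PARAM_SLOTS` values.

```python
import json
from typing import Dict, List

# Constructed sample in the shape of `vyper -f layout` output; names and
# slot numbers are illustrative, not the real scrvUSD layout.
SAMPLE_LAYOUT_JSON = json.dumps({
    "storage_layout": {
        "total_supply": {"type": "uint256", "slot": 0},
        "total_idle": {"type": "uint256", "slot": 1},
        "profit_unlocking_rate": {"type": "uint256", "slot": 2},
        "full_profit_unlock_date": {"type": "uint256", "slot": 3},
        "last_profit_update": {"type": "uint256", "slot": 4},
    }
})

# Constructed "after an upgrade" layout: a new variable inserted at slot 1
# shifts every variable below it by one, which is the drift the finding warns about.
DRIFTED_LAYOUT_JSON = json.dumps({
    "storage_layout": {
        "total_supply": {"type": "uint256", "slot": 0},
        "new_field": {"type": "uint256", "slot": 1},
        "total_idle": {"type": "uint256", "slot": 2},
        "profit_unlocking_rate": {"type": "uint256", "slot": 3},
        "full_profit_unlock_date": {"type": "uint256", "slot": 4},
        "last_profit_update": {"type": "uint256", "slot": 5},
    }
})

# Hypothetical verifier configuration: parameter name -> slot number that the
# oracle hardcodes in PARAM_SLOTS (constructed values, same order as the array).
PARAM_SLOTS = {
    "total_supply": 0,
    "total_idle": 1,
    "profit_unlocking_rate": 2,
    "full_profit_unlock_date": 3,
    "last_profit_update": 4,
}


def load_layout(layout_json: str) -> Dict[str, int]:
    """Flatten the compiler's storage layout to {variable name: slot}."""
    layout = json.loads(layout_json)["storage_layout"]
    return {name: int(entry["slot"]) for name, entry in layout.items()}


def check_param_slots(param_slots: Dict[str, int], layout: Dict[str, int]) -> List[str]:
    """Return one message per mismatch; an empty list means PARAM_SLOTS matches the layout."""
    problems: List[str] = []
    for name, slot in param_slots.items():
        if name not in layout:
            problems.append(f"{name}: not in storage layout (renamed or removed?)")
        elif layout[name] != slot:
            problems.append(f"{name}: PARAM_SLOTS says {slot}, layout says {layout[name]}")
    return problems
```

In CI, feed the JSON produced by compiling the deployed source and fail the job when `check_param_slots` returns a non-empty list.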
Invalid.
- srCRVUSD is a minimal proxy, meaning it can never be upgraded, see [here](https://www.cyfrin.io/blog/upgradeable-proxy-smart-contract-pattern#:~:text=Minimal%20proxies%20are%20distinct%20from,provide%20upgrade%20or%20authorization%20functionality.) and [here](https://www.rareskills.io/post/eip-1167-minimal-proxy-standard-with-initialization-clone-pattern) for more info.
- Even if srcrvUSD is migrated in the future via a new minimal proxy contract deployment (which is highly unlikely), the verifier contracts can be migrated along with it via revoking the access-control within the `ScrvusdOracleV2.vy` and then granting access to a new oracle. This is also not within the scope of this contest.