Storage Proofs

Curve

DeFiLayer 1Layer 2

14,723 OP

View results

Previous Next

Submission Details

Severity: high

Invalid

Incorrect Storage Slot Calculation for balanceOf(self)

mrxsnowden

Summary

The contract incorrectly calculates the storage slot for the balanceOf(self) mapping by reversing the order of the key and base slot in the abi.encode function. It also mishandles simple storage variables by hashing their slot numbers unnecessarily. As a result, the contract reads from incorrect storage locations, leading to invalid parameter values that undermine the oracle’s reliability.

Vulnerability Details

https://github.com/CodeHawks-Contests/2025-03-curve/blob/198820f0c30d5080f75073243677ff716429dbfd/contracts/scrvusd/verifiers/ScrvusdVerifierV1.sol#L40C9-L40C71

uint256(keccak256(abi.encode(18, SCRVUSD))) // balanceOf(self)

Affected Component : The PARAM_SLOTS array, specifically the entry for balanceOf(self), and the _extractParametersFromProof function that processes state proofs.

Root Cause:
For balanceOf(self), the slot is calculated as keccak256(abi.encode(18, SCRVUSD)) instead of the correct keccak256(abi.encode(SCRVUSD, 18)).
For simple variables (e.g., total_debt), the slot is hashed (e.g., keccak256(abi.encode(21))) rather than passed directly as 21.

Technical Impact:
The contract retrieves invalid data for balanceOf(self) and potentially other parameters due to accessing incorrect storage slots.
This breaks the functionality of the verifyScrvusdByBlockHash and verifyScrvusdByStateRoot functions, which rely on accurate parameter extraction to update the scrvUSD oracle .

Impact

The incorrect storage slot calculation directly impairs the contract’s core purpose: verifying and updating the scrvUSD oracle with accurate data. Invalid parameter values can lead to:
Incorrect price calculations in the oracle.
Financial losses or miscalculations in systems relying on the oracle.
Erosion of trust in the oracle’s accuracy.
The issue affects all transactions invoking verifyScrvusdByBlockHash or verifyScrvusdByStateRoot, making it a systemic flaw with widespread consequences.
Scope: Impacts the entire oracle update process, affecting downstream applications and users dependent on the scrvUSD oracle.

Tools Used

Manual code review

Recommendations

Correct Mapping Slot Calculation :
Update the balanceOf(self) slot calculation in the PARAM_SLOTS array to :

uint256(keccak256(abi.encode(SCRVUSD, 18))) // Key first, then base slot

Updates

Lead Judging Commences

0xnevi Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

[invalid] finding-ScrvusdVerifierV1-incorrect-storage-slot-balanceOf-compute

- Per sponsor comments, verified slot is vyper, solidity contract only verifies it. - Vyper computes storage slots different from solidity as seen [here](https://ethereum.stackexchange.com/questions/149311/storage-collision-in-vyper-hashmap)

Prize pool breakdown

Total prize

14,723 OP

Eagles

1,472 OP

nSLOC

394

37 OP / LOC

High Medium

12,700

Low

551

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.