Chronicle Scribe
Summary
ExpandChronicle Scribe is an efficient Schnorr multi-signature based oracle system designed for gas-optimized price feed delivery on Ethereum. The architecture consists of two primary contracts — `Scribe` for standard multi-signature verified pokes, and `ScribeOptimistic` which adds an optimistic poke mechanism with on-chain fault resolution via a challenge period. Supporting libraries `LibSchnorr` and `LibSecp256k1` implement custom Schnorr signature verification using the `ecrecover` precompile as an optimization, and secp256k1 point addition in Jacobian coordinates respectively. Extension contracts `ScribeLST` and `ScribeOptimisticLST` add APR reading capability for liquid staking token use cases.
The security posture of this codebase is strong. Access control is consistently enforced through the `Auth` module for privileged operations (`lift`, `drop`, `setBar`, `setOpChallengePeriod`, `setMaxChallengeReward`) and the `Toll` module for read access. The Schnorr verification includes defense-in-depth checks: signature malleability prevention (`signature < Q`), curve point validation (`isOnCurve`), bloom filter for double-signing detection, and strict bar-equality enforcement requiring exactly `bar` feeds to sign rather than a minimum threshold. The optimistic poke mechanism correctly handles state transitions through `_afterAuthedAction`, ensuring configuration changes cannot retroactively invalidate previously valid opPokes into challengeable ones. The calldata encoding attack vector identified in the prior Cantina audit has been addressed.
The codebase demonstrates mature security engineering practices with well-documented invariants, bounded gas usage guarantees for challenge-critical functions, and careful state management between `_pokeData` and `_opPokeData` storage slots. The feed registration uses a proof-of-possession mechanism via ECDSA, with the documented caveat that additional rogue-key protection is handled externally via the ValidatorRegistry. No vulnerabilities were identified that would allow fund theft or oracle manipulation by unauthorized parties.
Findings
No issues identified
Conclusion
ExpandThe Chronicle Scribe codebase demonstrates a high level of security maturity and careful engineering. The Schnorr multi-signature verification is correctly implemented with appropriate defense-in-depth measures including signature malleability prevention, curve point validation, and double-signing detection via bloom filters. The optimistic poke mechanism in ScribeOptimistic correctly manages the complex state machine between _pokeData and _opPokeData, with the _afterAuthedAction hook properly handling configuration changes that could otherwise invalidate pending opPokes. The prior Cantina audit findings, including the calldata encoding attack on opChallenge, have been addressed.
No vulnerabilities were identified that would enable fund theft, oracle value manipulation, or bypass of the challenge mechanism. The system’s use of custom Schnorr verification via the ecrecover precompile is a well-understood optimization pattern, and the supporting elliptic curve arithmetic in LibSecp256k1 correctly implements point addition in Jacobian coordinates with appropriate checks for point-at-infinity and on-curve validation. The separation of concerns between standard poke and optimistic poke paths provides clear security boundaries, and the bounded gas guarantees on challenge-critical paths ensure that the fault resolution mechanism remains accessible even under adversarial network conditions.
The Chronicle Scribe contracts are well-suited for mainnet deployment. The codebase benefits from extensive invariant documentation, bounded gas usage guarantees on challenge-critical paths, and a comprehensive test suite including fuzz testing, differential testing against an external oracle-suite implementation, and invariant testing. Continued monitoring of opPoke challenges via the emitted events and periodic review of feed configurations are recommended as ongoing operational practices.
On-Chain Verification
Compare these values with the on-chain attestation
Verify: download the markdown and compare the hash
sha256sum chronicle-scribe.md
Legal Disclaimer: This report covers the code submitted for analysis. It does not account for infrastructure, deployment configuration, third-party dependencies, or changes made after the audit date. Automated analysis may produce false positives or miss context-dependent vulnerabilities. audited.xyz provides this report “as is” without warranty of any kind.