Use of slot 0 is easy to manipulate

[howlbot-integration]

Lines of code

https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/libraries/UniHelper.sol#L14

Vulnerability details

Impact

the getSqrtPrice is pulled from Uniswap.slot0, which is the most recent data point and can be manipulated easily via MEV bots and Flashloans with sandwich attacks; which can cause the loss of funds when interacting with the Uniswap.swap function.

Proof of Concept

slot0 is the most recent data point and is therefore extremely easy to manipulate. The protocol uses slot0 to fetch the prices while performing a swap during executing a order.

An attacker can simply manipulate the getSqrtPrice and the token will be bought at a higher price and the attacker would run the transaction to sell; thereby earning gains but causing a loss of funds to whoever called those functions.

Tools Used

Uniswap

Recommended Mitigation Steps

Use the TWAP instead of slot0.

Assessed type

Uniswap

[alex-ppg]

The submission lacks sufficient elaboration and thus does not merit a reward as a duplicate.

[c4-judge]

alex-ppg marked the issue as unsatisfactory:
Insufficient proof

[Saptarshi1010]

@alex-ppg escalating this since i think in some of the issues and mine the only thing misses is inline codes ,which i have clearly done through highlighting the swap word

[alex-ppg]

Hey @Saptarshi1010, thank you for your feedback! The submission does not sufficiently elaborate why slot0 can be harmful if manipulated in the context it references as simply pointing out it can be manipulated is not enough to justify a vulnerability.

[Saptarshi1010]

@alex-ppg Thanks for the suggestion , i totally don't disagree with you, From my POV i didn't really much elaborate this issue, since it's a common known issue, So did just made a to the point report [ And i actually have given a pretty common way how it can be manipulated]. Would keep this in mind for future suggestion, but given the nature of this submission wrt others , shouldn't this be eligible for partial reward

[alex-ppg]

Hey @Saptarshi1010, thank you for your follow-up feedback. I have re-reviewed this submission and still maintain that it is ineligible for a partial reward given that it does not adequately contextualize the vulnerability in relation to the Predy system.