This repository has been archived by the owner on Nov 26, 2023. It is now read-only.
n33k - getSupplyProportion uses Uniswap V3 pool token balances which can be easily manipulated #731
Comments
github-actions
bot
added
High
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
n33k
high
getSupplyProportion uses Uniswap V3 pool token balances which can be easily manipulated
Summary
getSupplyProportion uses Uniswap V3 pool tokens balances which are easily manipulated. The protocol rebalances the USSD/DAI token proportion to 50/50 to rebalance the USSD/DAI price. This works for Uniswap V2 pools but does not work for Uniswap V3 pools.
Vulnerability Detail
Uniswap V3 has a different liquidity model from Uniswap V2. The token balances do not control the price. The attacker can manipulate the token proportion without affecting the token price with Uniswap V3 concentrated liquidity.
Impact
The attacker can control the swap token amount during rebalance to steal the protocol.
Code Snippet
https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSDRebalancer.sol#L82-L90
Tool used
Manual Review
Recommendation
Use Uniswap V2 pool.
Duplicate of #808
The text was updated successfully, but these errors were encountered: