Skip to content
This repository has been archived by the owner on Nov 26, 2023. It is now read-only.

simon135 - in getOwnValution we dont use a twap variable but instead use a not protected manipulates price #937

Closed
sherlock-admin opened this issue May 24, 2023 · 0 comments
Closed

simon135 - in getOwnValution we dont use a twap variable but instead use a not protected manipulates price #937

sherlock-admin opened this issue May 24, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin
Copy link
Contributor

sherlock-admin commented May 24, 2023
edited by github-actions bot
Loading

simon135

high

in getOwnValution we dont use a twap variable but instead use a not protected manipulates price

Summary

In getOwnValution we don't use a twap variable but instead use a not protected token amounts calculation an attacker can change the pool with flash loan causing different prices in the rebalance function
It's not the actual price of the pool it's only the vulnerable price so we will be doing rebalancing for no reason if the attacker has a flash loan and secky the prices too low for USSD they can profit and the other way around is to and get dai at a lower price.

Vulnerability Detail

EX:
Alice manipulates the pool by making USSD very cheap and getting then making it expensive and then Alice will sell the tokens for a profit.

Impact

Profit for the attacker, protocol can loss collateral because attacker can control when and how the protocol rebalances.

Code Snippet

  (uint160 sqrtPriceX96,,,,,,) =  uniPool.slot0();

Tool used

Manual Review

Recommendation

Use Twap price instead

Duplicate of #451
@github-actions github-actions bot closed this as completed Jun 5, 2023
@github-actions github-actions bot added High A valid High severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jun 5, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Jun 23, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sherlock-admin