Title
One can manipulate the price fetched through the SushiOracle and steal funds
Affected smart contract
SushiOracle.sol
https://github.com/LodestarFinance/lodestar-protocol/blob/cfca1ae275d023a02198798bbcb24b2a1f646776/contracts/Oracle/SushiOracle.sol#L35
Description
Lodestar Finance uses the SushiOracle.sol contract to get LODE token prices. However, since that contract uses a spot price derived from the current pool balances, it is vulnerable to price oracle manipulation.
Anyone can perform a large swap to trick Lodestar into using the manipulated price. They can then execute actions on Lodestar Finance and reverse the swap.
If LODE is used as collateral, one can inflate the price and borrow other tokens.
If LODE is considered a debt token, one can deflate the price and borrow more LODE tokens.
This is a well-known attack that has happened many times before.
Resources
See the section "Use flash loans to manipulate the price of AMM" in this article: https://medium.com/beaver-smartcontract-security/defi-security-lecture-7-price-oracle-manipulation-d716cdeaaf77
Alternatively, see this Consensys article. It gives an example of an attack that happened on UniswapV3, but the same spot price manipulation vector applies to UniswapV2/Sushi as well: https://consensys.github.io/smart-contract-best-practices/attacks/oracle-manipulation/
Attack scenario
Sushi Pool (10,000 LODE : 1,000 USDC)
1 LODE equals 0.10 USDC
Consider the case of manipulating the price higher. Note that a liquidity pool's balances do not matter; even with high balances, using flash loans, one can cheaply execute this attack and profit.
1. Swap 4,000 USDC for LODE; the attacker gets 8,000 LODE
Now the Sushi Pool is (2,000 LODE : 5,000 USDC) as per xy = k
1 LODE equals 2.5 USDC
2. Borrow against overvalued LODE
Since LODE is overvalued, the attacker can borrow more than the protocol intended.
3. Swap the 8,000 LODE received in Step 1 for USDC; the attacker gets their 4,000 USDC back
Sushi Pool (10,000 LODE : 1,000 USDC) as per xy = k
Using multicall, one can guarantee the execution of all of the above 3 steps in 1 transaction.
Note that deflating LODE's price is also possible; the initial swap just needs to be for USDC instead.
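The pool arithmetic above, replayed in a small model that compares the spot read with a time-weighted read at the moment of step 2 (an added example, not code from the report or from Lodestar or Sushi). It assumes a fee-less pool, a UniswapV2-style cumulative price accumulator, and a 30-minute averaging window; the `Pool`, `twap` and `scenario` names are hypothetical.

```python
from fractions import Fraction

# Illustrative model only: fee-less pool, hypothetical names, constructed numbers from the report.
class Pool:
    """Constant-product pool (x*y = k) with a cumulative price accumulator."""

    def __init__(self, lode, usdc, now=0):
        self.lode, self.usdc = Fraction(lode), Fraction(usdc)
        self.cumulative = Fraction(0)  # running sum of price * seconds
        self.last_update = now

    def spot(self):
        """USDC per LODE from current balances: what a spot oracle reads."""
        return self.usdc / self.lode

    def _accumulate(self, now):
        # Weight the price that was in force *before* this interaction.
        self.cumulative += self.spot() * (now - self.last_update)
        self.last_update = now

    def swap(self, usdc_in=0, lode_in=0, now=0):
        """Pay one token in; returns the amount of the other token paid out."""
        self._accumulate(now)
        k = self.lode * self.usdc
        if usdc_in:
            self.usdc += usdc_in
            out = self.lode - k / self.usdc
            self.lode -= out
        else:
            self.lode += lode_in
            out = self.usdc - k / self.lode
            self.usdc -= out
        return out

    def observe(self, now):
        """(cumulative price, timestamp) checkpoint as of `now`."""
        return self.cumulative + self.spot() * (now - self.last_update), now

def twap(start, end):
    return (end[0] - start[0]) / (end[1] - start[1])

def scenario(window=1800):
    pool = Pool(10_000, 1_000)                   # pool from the report
    start = pool.observe(0)                      # oracle checkpoint at t = 0
    lode_out = pool.swap(usdc_in=4_000, now=window)      # step 1
    spot_mid = pool.spot()                       # spot oracle read during step 2
    twap_mid = twap(start, pool.observe(window)) # TWAP read at the same instant
    usdc_back = pool.swap(lode_in=lode_out, now=window)  # step 3, same transaction
    return lode_out, spot_mid, twap_mid, usdc_back, pool.spot()
```

The spot read jumps to 2.5 USDC while the TWAP stays at 0.10 USDC, because a price that exists only inside one transaction carries zero time weight. A TWAP raises the cost of manipulation rather than removing it, so the window length and pool depth still have to make holding a skewed price across blocks uneconomical.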
Recommendation
Consider using a TWAP instead of the spot price from Sushi Swap pools.