code-423n4 / 2021-04-vader-findings

Swap value can be manipulated allowing under-collateralized loans #215

Closed code423n4 closed 3 years ago

code423n4 commented 3 years ago

Handle

@cmichelio

Vulnerability Details

When borrowing with synths as collateral, the synth collateral value in base tokens is computed as baseValue = calcSwapValueInBase(iSYNTH(collateralAsset).TOKEN(), _collateralAdjusted);, i.e., the result of a trade of the underlying token to base. As the pool is a constant-product AMM, the reserves can be manipulated and the swap amount artificially increased by:

  1. Get a huge flash loan of base tokens
  2. Trade base tokens to the synth underlying
  3. The reserves are now skewed and the base per underlying price drastically increased because of this swap (high base reserve, low underlying)
  4. Call borrow which uses the skewed reserves and returns an inflated collateral value
  5. borrow against this inflated collateral value
  6. trade back the synth to base to restore the original reserves
  7. pay back flash loan

The same issue exists for the debt calculation debt = calcSwapValueInToken(debtAsset, baseValue); that again uses the pool reserves which can be manipulated with flash loans to return more "debt" (= borrowed tokens) than at market price.

Impact

Using this tactic an attacker can take under-collateralized loans and steal protocol funds.

Recommended Mitigation Steps

Do not use prices that only involve the reserves for anything. These are only ever snapshots of the current transaction and can be manipulated. Use TWAP oracles; see Uniswap issues with using only reserves as prices.
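
The difference between a reserve-snapshot valuation and a time-weighted one, as an added example that is not part of the original report or the Vader code base. It assumes a fee-less constant-product pool (it does not model Vader's own fee formula) and a Uniswap-v2-style cumulative price accumulator; the class, function names and reserve figures are constructed for illustration.

```python
from fractions import Fraction

class Pool:
    """Fee-less constant-product pool (assumption; not Vader's fee formula)."""
    def __init__(self, base, token, now=0):
        self.base, self.token = Fraction(base), Fraction(token)
        self.last_ts = now
        self.cum_price = Fraction(0)  # running sum of (base per token) * seconds

    def observe(self, now):
        # Cumulative price as of `now`, computed without mutating state.
        return self.cum_price + (self.base / self.token) * (now - self.last_ts)

    def swap_base_for_token(self, base_in, now):
        # Accumulate the price that held *before* this trade, then trade.
        self.cum_price, self.last_ts = self.observe(now), now
        out = self.token * base_in / (self.base + base_in)
        self.base += base_in
        self.token -= out
        return out

    def spot_value_in_base(self, token_amount):
        # Reserve-snapshot valuation: the pattern the finding warns about.
        return token_amount * self.base / (self.token + token_amount)

def twap_value_in_base(pool, token_amount, obs_then, ts_then, now):
    # Average price over [ts_then, now] taken from the accumulator.
    return token_amount * (pool.observe(now) - obs_then) / (now - ts_then)

def demo():
    pool = Pool(base=1_000_000, token=1_000_000, now=0)  # constructed reserves
    obs0, t0 = pool.observe(0), 0     # oracle checkpoint stored earlier
    collateral, now = 1_000, 3600     # everything below shares one timestamp
    spot_before = pool.spot_value_in_base(collateral)
    twap_before = twap_value_in_base(pool, collateral, obs0, t0, now)
    pool.swap_base_for_token(9_000_000, now)  # large same-block trade skews reserves
    spot_after = pool.spot_value_in_base(collateral)
    twap_after = twap_value_in_base(pool, collateral, obs0, t0, now)
    return spot_before, spot_after, twap_before, twap_after

if __name__ == "__main__":
    for name, v in zip(("spot before", "spot after", "twap before", "twap after"), demo()):
        print(f"{name}: {float(v):.2f}")
```

The skewed reserves contribute zero elapsed time to the accumulator within the same timestamp, so the time-weighted valuation is unchanged while the snapshot valuation moves with the reserves. The window length determines how long a skew would have to persist to shift the average.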

strictly-scarce commented 3 years ago

Pools with slip-based fees cannot be attacked in this manner.