When borrowing with synths as collateral, the synth collateral value in base tokens is computed as baseValue = calcSwapValueInBase(iSYNTH(collateralAsset).TOKEN(), _collateralAdjusted); that is, as the result of a trade of the underlying token to base.
As the pool is a constant-product AMM, the reserves can be manipulated and the swap amount artificially increased by:
1. Get a huge flash loan of base tokens.
2. Trade base tokens to the synth underlying.
3. The reserves are now skewed and the base per underlying price is drastically increased because of this swap (high base reserve, low underlying).
4. Call borrow, which uses the skewed reserves and returns an inflated collateral value.
5. Borrow against this inflated collateral value.
6. Trade back the synth to base to restore the original reserves.
7. Pay back the flash loan.
The same issue exists for the debt calculation, debt = calcSwapValueInToken(debtAsset, baseValue);, which again uses the pool reserves. These can be manipulated with flash loans to return more "debt" (= borrowed tokens) than at market price.
Impact
Using this tactic, an attacker can take under-collateralized loans and steal protocol funds.
Recommended Mitigation Steps
Do not use prices that only involve the reserves for anything. These are only ever snapshots of the current transaction and can be manipulated.
Use TWAP oracles; see Uniswap issues with using only reserves as prices.
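The gap between a reserve-only valuation and a TWAP, as an added Python model that is not the protocol's code. It assumes a fee-less constant-product pool and a Uniswap-v2-style cumulative-price accumulator; the names Pool and twap_value_in_base and all reserve figures are constructed for illustration.

```python
from fractions import Fraction

class Pool:
    """Assumed model: fee-less x*y=k pool with a cumulative-price accumulator."""
    def __init__(self, base, token, now=0):
        self.base, self.token, self.last, self.cum = base, token, now, Fraction(0)

    def cumulative(self, now):
        # Sum of (base per token) * seconds, including time since the last update.
        return self.cum + Fraction(self.base, self.token) * (now - self.last)

    def spot_value_in_base(self, token_amt):
        # Reserve-only valuation: output of swapping token_amt to base right now.
        return token_amt * self.base // (self.token + token_amt)

    def swap_base_for_token(self, base_in, now):
        # Accrue the price at the OLD reserves before they change.
        self.cum, self.last = self.cumulative(now), now
        out = base_in * self.token // (self.base + base_in)
        self.base += base_in
        self.token -= out
        return out

def twap_value_in_base(pool, token_amt, cum_start, t_start, now):
    # Average price over [t_start, now]; a skew made at `now` adds 0 seconds.
    avg = (pool.cumulative(now) - cum_start) / (now - t_start)
    return int(token_amt * avg)

def demo():
    pool = Pool(base=1_000_000, token=1_000_000, now=0)   # constructed reserves
    cum0, t0, collateral = pool.cumulative(0), 0, 1_000
    honest_spot = pool.spot_value_in_base(collateral)
    # Constructed skew: a large base-to-token swap in the same block as the valuation.
    pool.swap_base_for_token(9_000_000, now=1800)
    skewed_spot = pool.spot_value_in_base(collateral)
    twap_same_block = twap_value_in_base(pool, collateral, cum0, t0, now=1800)
    # If the skew is left standing for 12 more seconds it starts to leak into the TWAP.
    twap_12s_later = twap_value_in_base(pool, collateral, cum0, t0, now=1812)
    return honest_spot, skewed_spot, twap_same_block, twap_12s_later

if __name__ == "__main__":
    print(demo())
```

The same-block skew multiplies the spot valuation roughly a hundredfold while the 30-minute TWAP does not move; a skew held across blocks does shift the TWAP, so the averaging window has to be sized against the cost of keeping the pool imbalanced.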
Handle
@cmichelio