Closed code423n4 closed 3 years ago
When a user bonds, it uses swap rate - not spot rate. This invalidates the flashloan attack theory described above. For synth and dao vault weights, they use spot value as by design because the weight is only used for accounting purposes and doesn't need to be susceptible to smoothing.
per sponsor comment, invalid
Handle
jonah1005
Vulnerability details
Impact
DaoVault
/BondVault/
SynthVault
calculates weight based on AMM spot price that's vulnerable to flash loan attacks. Though three contracts pose different threat levels to users' funds, the root cause and the fix of the three contracts are the same.BondVault:
Dao's
function bond(address asset, uint256 amount)
would calculate the input token value and deposit the same value of Sparta into the pools. This would force the Dao contract to invest in the pool at a bad price and creates arbitrage space for attackers.We assume there's a Pool start with Sparta: Dai = 100:100, and Alice is the only lpholder.
bond
and deposit 10 dai.We assume a simple x*y=k with no transaction fee to simplify the issue. Though it's harder for hackers to exploit Sparta because a different curve is applied, it's still profitable.
Severity: High
SynthVault
The
SynthVault
contract calculates users' weight by callingcalcSpotValueInBase
. An attacker can increase his weight by mutating the price through a flash loan.DaoVault
The
DaoVault
contract calculates users' weight by callinggetPoolShareWeight
which users AMM spot price. An attacker can increase his weight by mutating the price through flash loan.Luckily, attackers would be hard to drain the reward from
DaoVault
andSynthVault
. Mutating AMM pool is expensive for the trading fee of a big trade is really high. However, if a Pool somehow only has one lp holder, it would be profitable. An attacker can mutate the pool to an extreme price and pays no trading fee.I consider the severity of
SynthVault
andDaoVault
is medium.Proof of Concept
Dao calculates price at: https://github.com/code-423n4/2021-07-spartan/blob/main/contracts/Dao.sol#L239-L254 Dao invests at a bad price at https://github.com/code-423n4/2021-07-spartan/blob/main/contracts/Dao.sol#L257-L273
SynthVault
calculates price at: https://github.com/code-423n4/2021-07-spartan/blob/main/contracts/synthVault.sol#L102-L116BondVault
calculates price at: https://github.com/code-423n4/2021-07-spartan/blob/main/contracts/BondVault.sol#L77-L88Tools Used
Hardhat
Recommended Mitigation Steps
It seems that the current protocol doesn't implement a safe oracle contract. I recommend implementing a TWAP price oracle and use the oracle price instead of AMM spot price.