verifyfirst
commented
3 years ago Implementing a TWAP needs more discussion and ideas to help with price manipulation. Attacking BOND is limited by its allocation, time and the fact that it's locked over 6months.
ghoul-sol
Handle
cmichel
Vulnerability details
BondVaultdeposits match any depositedtokenamount with theBASEamount to provide liquidity, see Docs andDAO.handleTransferIn. The matchedBASEamount is the swap amount of thetokentrade in the pool. An attacker can manipulate the pool and have theDAOcommitBASEat bad prices which they then later buys back to receive a profit onBASE. This is essentially a sandwich attack abusing the fact that one can trigger theDAOto provideBASEliquidity at bad prices:BASEinto it repeatedly (sending lots of smaller trades is less costly due to the path-independence of the continuous liquidity model). This increases thetokenperBASEprice.DAO.bond(amount)to driptokensinto theDAOand get matched withBASEtokens to provide liquidity. (Again, sending lots of smaller trades is less costly.) As the pool contains lowtokenbut highBASEreserves, thespartaAllocation = _UTILS.calcSwapValueInBase(_token, _amount)swap value will be high. The contract sends even more BASE to the pool to provide this liquidity.tokensfrom 1. As a lot moreBASEtokens are in the reserve now due to the DAO sending it, the attacker will receive moreBASEas in 1. as well, making a profitImpact
The DAO's Bond allocation can be stolen. The cost of the attack is the trade fees in 1. + 3. as well as the tokens used in 2. to match the
BASE, but the profit is a share on theBASEsupplied to the pool by the DAO in 2.Recommended Mitigation Steps
Track a TWAP spot price of the
TOKEN <> BASEpair and check if theBASEincentive is within a range of the TWAP. This circumvents that theDAOcommitsBASEat bad prices.