Closed code423n4 closed 3 years ago
WatchPug
The current implementation of Vader protocol provides impermanent loss coverage calculated as below:
https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/dex/math/VaderMath.sol#L73-L93
function calculateLoss( uint256 originalVader, uint256 originalAsset, uint256 releasedVader, uint256 releasedAsset ) public pure returns (uint256 loss) { // // TODO: Vader Formula Differs https://github.com/vetherasset/vaderprotocol-contracts/blob/main/contracts/Utils.sol#L347-L356 // // [(A0 * P1) + V0] uint256 originalValue = ((originalAsset * releasedVader) / releasedAsset) + originalVader; // [(A1 * P1) + V1] uint256 releasedValue = ((releasedAsset * releasedVader) / releasedAsset) + releasedVader; // [(A0 * P1) + V0] - [(A1 * P1) + V1] if (originalValue > releasedValue) loss = originalValue - releasedValue; }
An attacker may exploit this by adding liquidity and manipulating the price of the pool (with flash loans) to get IL coverage from the protocol.
Given:
The attacker can:
1M USDV
10 BTC
200 BTC
20 BTC
189055 USDV
210 BTC
loss
630,891 USDV
coveredLoss
Duplicate #31
SamSteinGG
commented
3 years ago SamSteinGG
commented
3 years ago
Handle
WatchPug
Vulnerability details
The current implementation of Vader protocol provides impermanent loss coverage calculated as below:
https://github.com/code-423n4/2021-11-vader/blob/429970427b4dc65e37808d7116b9de27e395ce0c/contracts/dex/math/VaderMath.sol#L73-L93
An attacker may exploit this by adding liquidity and manipulating the price of the pool (with flash loans) to get IL coverage from the protocol.
PoC
Given:
The attacker can:
1M USDVand10 BTC;200 BTC, swap20 BTCto USDV, repeat for 10 times;189055 USDVand210 BTC, currentloss:630,891 USDV;coveredLoss= 630,891 * 30 / 365 = 52k USDV.