Closed: code423n4 closed this issue 1 year ago
0xean marked the issue as duplicate
0xean marked the issue as satisfactory
captainmangoC4 marked the issue as not a duplicate
captainmangoC4 changed the severity to QA (Quality Assurance)
0xean marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/Oracle.sol#L79
https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/Oracle.sol#L61
Vulnerability details
Impact
A fixed price may be set for a stablecoin against DOLA. If either the stablecoin or DOLA depegs, this functionality will be used by arbitrageurs to steal money from the protocol.
Proof of Concept
The oracle contract provides a function to set a "fixed price" for certain tokens. This is dangerous: if a stablecoin depegs, attackers can buy the stablecoin at the lower market price and post it as collateral to borrow DOLA at the fixed price. While stablecoins are pegged to a currency, their prices are always decided by free-market mechanics. Pegs can break either temporarily or permanently (the UST case). All major stablecoins have depegged at least once for a short period of time. Stablecoin AMMs like Curve use specialized functions to price stables more accurately, but never a fixed price.
If a "fixed price" is set for a coin, the chances of it being exploited during a temporary price move are very high. Fixed prices do not exist in free markets.
https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/Oracle.sol#L61
Recommended Mitigation Steps
Remove this functionality and always use oracles to price tokens.
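To make the exposure in the proof of concept and the value of the mitigation concrete, here is an added Python model (example code, not Oracle.sol or any Inverse code) of an oracle that returns an admin-set fixed price ahead of its market feed, next to a conservative variant that never values collateral above the market. `Oracle`, `depeg_scenario` and the 10% depeg figures are constructed for illustration and are assumptions, not values from the finding.

```python
from dataclasses import dataclass, field

WAD = 10**18  # 18-decimal fixed point, the scale Solidity price feeds commonly use

@dataclass
class Oracle:
    # Hypothetical model assumed from the finding, not a port of Inverse's Oracle.sol.
    fixed_prices: dict = field(default_factory=dict)  # token -> admin-set price (WAD)
    feed_prices: dict = field(default_factory=dict)   # token -> market feed price (WAD)

    def set_fixed_price(self, token: str, price: int) -> None:
        self.fixed_prices[token] = price

    def view_price_fixed_first(self, token: str) -> int:
        # The pattern the finding objects to: a configured fixed price ignores the market.
        fixed = self.fixed_prices.get(token, 0)
        return fixed if fixed > 0 else self.feed_prices[token]

    def view_price_conservative(self, token: str) -> int:
        # Hardened variant: the feed is always consulted; a fixed price can only cap
        # collateral value from above, never lift it above the market.
        feed = self.feed_prices[token]
        fixed = self.fixed_prices.get(token, 0)
        return min(fixed, feed) if fixed > 0 else feed

def collateral_value(amount: int, price: int) -> int:
    # Value in DOLA (WAD) of `amount` tokens (WAD) priced at `price` (WAD).
    return amount * price // WAD

def overvaluation(oracle: Oracle, token: str, amount: int) -> int:
    # DOLA of collateral value the fixed-first price grants beyond market value:
    # the protocol's bad-debt exposure if that collateral is borrowed against.
    trusted = collateral_value(amount, oracle.view_price_fixed_first(token))
    return trusted - collateral_value(amount, oracle.feed_prices[token])

def deviation_bps(fixed: int, feed: int) -> int:
    # Gap between fixed and market price in basis points of the fixed price; a
    # monitoring alert on this (e.g. > 50 bps) catches a depeg before it is borrowed against.
    return abs(fixed - feed) * 10_000 // fixed

def depeg_scenario(feed_price: int, amount: int = 1_000_000 * WAD) -> dict:
    # Constructed scenario: a stable fixed at exactly 1 DOLA trades at `feed_price`.
    o = Oracle()
    o.set_fixed_price("STABLE", WAD)
    o.feed_prices["STABLE"] = feed_price
    return {"fixed_first": o.view_price_fixed_first("STABLE"),
            "conservative": o.view_price_conservative("STABLE"),
            "overvaluation": overvaluation(o, "STABLE", amount),
            "deviation_bps": deviation_bps(WAD, feed_price)}
```

Running `depeg_scenario(9 * WAD // 10)` shows a 10% depeg on one million tokens being valued 100,000 DOLA above market by the fixed-first oracle, while the conservative variant reports the market price and a 1000 bps deviation that a monitor would have flagged.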