code-423n4 / 2023-07-amphora-findings


If sUSD Crashes Then The Protocol Will Incur Losses #354

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-07-amphora/blob/main/core/solidity/contracts/core/USDA.sol#L101

Vulnerability details

Impact

Detailed description of the impact of this finding.

Proof of Concept

It's not uncommon for stablecoins to crash/depeg. We saw USDC crashing recently in March, where it lost almost 40% of its value.

Since the protocol assumes a 1:1 relation between USDA and sUSD, consider the case below. We will discuss 2 cases.

1.) sUSD crashes; due to this the price of 1 sUSD is 0.5 dollars.

2.) The attacker sees this as an opportunity, and buys a lot of sUSD at a lower price.

3.) The attacker calls deposit on the USDA contract here https://github.com/code-423n4/2023-07-amphora/blob/main/core/solidity/contracts/core/USDA.sol#L89, which calls _deposit at L101 and mints himself the same amount of USDA.

4.) The sUSD recovers, and the attacker has made a good profit by minting USDA worth a lot more than what he bought them for.

The second case can be when a user bought a lot of USDA by depositing sUSD into the contract, say it was worth 1M dollars. When the user withdraws now, he gets sUSD worth a lot less than before due to the crash.

But when he withdraws to get the sUSD back it would be worth a lot less.

Tools Used

Manual analysis

Recommended Mitigation Steps

A possible solution can be to not only have sUSD as the coin backing it up; in case of a depeg we can have logic to use some other stablecoin.

Assessed type

Context

c4-pre-sort commented 1 year ago

minhquanym marked the issue as duplicate of #148

c4-judge commented 1 year ago

dmvt marked the issue as unsatisfactory: Invalid