Closed code423n4 closed 1 year ago
This behaviour is not about being a malicious actor but only taking advantage of the end user's spot position. It will not harm the protocol or any other end-users, in addition, this type of TX can be submitted via a private Mempool bundle to prevent such behaviour.
Inflated submission.
0xSorryNotSorry marked the issue as low quality report
The sponsor has already stated that setDirectPrice
and setUnderlyingPrice
are only to be used as a last resort.
Additionally, chainlink oracles are set to determine the value of collateral posted for borrowing, the warden assumes they are used for swapping assets.
alcueca marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/Oracles/ChainlinkOracle.sol#L115-L138
Vulnerability details
Impact
In
ChainlinkOracle.sol
we havesetDirectPrice()
:This function
setDirectPrice()
allows the admin of the contract to manually set the price of a given asset.The problem here is when the price is updated an attacker can sandwich the update to gain a profit.
Proof of Concept
A malicious actor can watch the mempool for calls
setDirectPrice()
and front run the call and take advantage of it and make a profit.setDirectPrice()
and change the price of the asset.This also applies to the
setUnderlyingPrice()
function.Tools Used
Visual Studio Code
Recommended Mitigation Steps
This is very difficult to prevent. Only use these functions as a last resort. It's best not to use these functions and trust the data that comes from Chainlink.
Assessed type
MEV