search

code-423n4 / 2023-08-goodentry-findings

3 stars 2 forks source link

In GeVault and TokenisableRange contracts uses `slot0` to retrieve prices instead of TWAP price #361

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/GeVault.sol#L368 https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/TokenisableRange.sol#L239 https://github.com/code-423n4/2023-08-goodentry/blob/main/contracts/TokenisableRange.sol#L370

Vulnerability details

Impact

The following functions uses the UniV3Pool.slot0 to get price of tokens instead of a TWAP price. Given the price stored in slot0 is determined by the ratio of assets in the pool, it can easily be manipulated by buying/selling in the pool, such as utilizing a flashloan to manipulate prices of tokens and arbritrage, causing loss to Good Entry protocol.

Tools Used

Manual review

Recommended Mitigation Steps

Use a TWAP price instead of directly using slot0 to retrieve token prices for calculation of token amount and liquidity.

Assessed type

Uniswap

c4-pre-sort commented 1 year ago

141345 marked the issue as duplicate of #48

c4-judge commented 1 year ago

gzeon-c4 marked the issue as unsatisfactory: Invalid