code-423n4 / 2023-10-opendollar-findings


UniswapV3 Relayer using wrong UniswapV3 factory address! #401

Closed c4-submissions closed 1 year ago

c4-submissions commented 1 year ago

Lines of code

https://github.com/open-dollar/od-contracts/blob/v1.5.5-audit/src/contracts/oracles/UniV3Relayer.sol#L18

Vulnerability details

Impact

Protocol will always fail to fetch an asset price. Deployment of UniV3Relayer will fail.

Proof of Concept

UniV3Relayer contracts are supposed to consult a UniswapV3 TWAP and transform the result into a standard IBaseOracle feed. Then the quote obtained from the pool query is transformed into an 18 decimals format.

However, the current address of the Uniswap V3 Factory being used is wrong. It's using Goerli's Uniswap V3 Factory address instead of Arbitrum's address. This gives rise to a huge issue of the protocol always failing to fetch an asset price.

  address internal constant _UNI_V3_FACTORY = GOERLI_UNISWAP_V3_FACTORY;

Tools Used

Etherscan

Recommended Mitigation Steps

Use Arbitrum's address of the Uniswap V3 Factory:

- address internal constant _UNI_V3_FACTORY= GOERLI_UNISWAP_V3_FACTORY ;
+ address internal constant _UNI_V3_FACTORY = UNISWAP_V3_FACTORY ;
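Review bot: On the `+` line, `_UNI_V3_FACTORY` is still a compile-time constant whose correctness depends entirely on what `UNISWAP_V3_FACTORY` resolves to, and that definition is not visible here. Confirm that it is defined in the imported constants and holds the factory address for the chain being deployed to. Consider taking the factory as a constructor argument stored as `immutable`, or reverting in the constructor with a dedicated error when the factory address has no code, so that a wrong-network address is identified explicitly. Separately, the `-` line (`_UNI_V3_FACTORY= GOERLI_UNISWAP_V3_FACTORY ;`) does not match the spacing of the source line quoted in the Proof of Concept, so the patch would not apply as written.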

Assessed type

Oracle
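
A pre-deployment lint for the class of mistake reported above, as an added example that is not part of the original report or the project's code: it flags testnet-named constants referenced in contract source while ignoring comments and string literals. The marker list, the sample contract and its import path are assumptions made for illustration.

```python
import re
import sys

# Name fragments treated as "testnet only". Assumed naming convention; extend per project.
TESTNET_MARKERS = frozenset({"GOERLI", "SEPOLIA", "MUMBAI", "TESTNET"})

# String literals and comments: blanked out so names inside them are not flagged.
_SKIP = re.compile(r'''"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'|//[^\n]*|/\*.*?\*/''', re.S)
_IDENT = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*")


def find_testnet_constants(source, markers=TESTNET_MARKERS):
    """Return (line, identifier) for each testnet-named identifier used in code."""
    # Replace skipped spans with spaces but keep newlines, so line numbers stay correct.
    code = _SKIP.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    hits = []
    for lineno, line in enumerate(code.splitlines(), 1):
        for ident in _IDENT.findall(line):
            # Match on whole underscore-separated parts, e.g. GOERLI in GOERLI_X.
            if markers & set(ident.upper().split("_")):
                hits.append((lineno, ident))
    return hits


# Constructed sample modelled on the line quoted in the report; the import path is made up.
SAMPLE = '''\
pragma solidity 0.8.19;
import {GOERLI_UNISWAP_V3_FACTORY} from "./Registry.sol";
contract UniV3Relayer {
  // comment mention of GOERLI_UNISWAP_V3_FACTORY, not a reference
  address internal constant _UNI_V3_FACTORY = GOERLI_UNISWAP_V3_FACTORY;
  string internal constant _NOTE = "GOERLI_ONLY // inside a string, not a reference";
}
'''

if __name__ == "__main__":
    findings = find_testnet_constants(SAMPLE)
    for lineno, ident in findings:
        print(f"line {lineno}: testnet constant {ident} referenced in production source")
    # Non-zero exit lets a CI job block the deployment step.
    sys.exit(1 if findings else 0)
```

Run against production contract directories only; test and testnet deployment scripts legitimately reference these names.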

c4-pre-sort commented 1 year ago

raymondfam marked the issue as low quality report

c4-pre-sort commented 1 year ago

raymondfam marked the issue as duplicate of #119

c4-judge commented 1 year ago

MiloTruck changed the severity to 2 (Med Risk)

c4-judge commented 1 year ago

MiloTruck marked the issue as satisfactory