code-423n4 / 2024-01-salty-findings


In depegging event of WBTC & WETH, there will be potential DOS #930

Closed c4-bot-6 closed 5 months ago

c4-bot-6 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/price_feed/CoreUniswapFeed.sol#L50-L74

Vulnerability details

Impact

Potential DOS for the price feed if a depegging event happens

Proof of Concept

The protocol uses WBTC/WETH for BTC and ETH. If the WBTC/WETH bridge is compromised and WBTC/WETH depegs from BTC/ETH, the protocol will continue to price BTC/ETH using the WBTC/WETH price, even though WBTC/WETH will instantly become worth far less than native BTC/ETH due to the bridge compromise.

Tools Used

manual view

Recommended Mitigation Steps

Use BTC/ETH instead of WBTC/WETH

Assessed type

DoS

c4-judge commented 5 months ago

Picodes marked the issue as duplicate of #632

c4-judge commented 5 months ago

Picodes marked the issue as satisfactory