code-423n4 / 2024-01-salty-findings


WBTC Price becomes problematic if WBTC depegs #997

Closed c4-bot-8 closed 5 months ago

c4-bot-8 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-01-salty/blob/main/src/price_feed/CoreChainlinkFeed.sol#L21

Vulnerability details

Impact

Reserve ratios and pool constraints may break if the WBTC bridge becomes compromised, and WBTC undergoes depegging

Proof of Concept

The Chainlink BTC/USD oracle is utilized to price WBTC (https://github.com/code-423n4/2024-01-salty/blob/main/src/price_feed/CoreChainlinkFeed.sol#L21). WBTC, being a bridged asset, could depeg if the bridge is compromised or fails, causing it to no longer be equivalent to BTC. This scenario would result in all swap functions (essentially the entire protocol) being active against an asset that is now effectively worthless. The protocol continues to value WBTC via BTC/USD, leading to several potential malicious actions, especially since many invariants depend on the WBTC/ETH pool.

As the protocol operates smoothly with at least two functioning price feeds, the CoreUniswapFeed UniV3 TWAP safeguards against such asset depegging, but the other two (CoreSaltyFeed and CoreChainlinkFeed) will have no effect, and hence the protocol will keep functioning even in such a case.

Tools Used

Manual

Recommended Mitigation Steps

Conduct a thorough analysis and implement a robust solution for determining the price of WBTC.

Assessed type

Oracle
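The pricing logic the finding describes, as an added illustration that is not code from the Salty.IO repository or from the warden: a naive feed that returns BTC/USD as the WBTC price (the behaviour the report objects to) next to a hardened variant that multiplies BTC/USD by a separate WBTC/BTC ratio feed and returns 0, the value the protocol treats as a failed feed, when the ratio drifts past a tolerance. The 8-decimal fixed point, the 2% tolerance and all sample readings are constructed assumptions, not values taken from the contest code or any live oracle.

```python
# Constructed example: WBTC pricing with and without a depeg check.
# Fixed-point scale assumed to be 8 decimals, as Chainlink USD feeds commonly use.
ONE = 10**8

# Constructed sample readings (hypothetical, not real oracle output).
SAMPLE_BTC_USD = 42_000 * ONE          # BTC/USD = $42,000.00
SAMPLE_WBTC_BTC_HEALTHY = 99_900_000   # WBTC/BTC = 0.999
SAMPLE_WBTC_BTC_DEPEGGED = 85_000_000  # WBTC/BTC = 0.85 (bridge failure scenario)


def naive_wbtc_usd(btc_usd: int) -> int:
    """Price WBTC straight from BTC/USD, ignoring the bridge peg.

    This mirrors the pattern the finding describes: a depegged WBTC
    is still valued as if it were BTC.
    """
    return btc_usd


def deviation_bps(ratio: int) -> int:
    """Distance of a WBTC/BTC ratio from 1.0, in basis points."""
    return abs(ratio - ONE) * 10_000 // ONE


def guarded_wbtc_usd(btc_usd: int, wbtc_btc: int, max_deviation_bps: int = 200) -> int:
    """Price WBTC as BTC/USD * WBTC/BTC, returning 0 if the peg looks broken.

    Returning 0 lets an aggregator that requires at least two agreeing
    feeds drop this source instead of reporting a stale BTC-equivalent price.
    max_deviation_bps defaults to 2% (assumed tolerance, not a project value).
    """
    if btc_usd <= 0 or wbtc_btc <= 0:
        return 0  # invalid or missing answer: treat as feed failure
    if deviation_bps(wbtc_btc) > max_deviation_bps:
        return 0  # WBTC no longer tracks BTC: do not report a price
    return btc_usd * wbtc_btc // ONE


if __name__ == "__main__":
    print("naive, depegged   :", naive_wbtc_usd(SAMPLE_BTC_USD))
    print("guarded, healthy  :", guarded_wbtc_usd(SAMPLE_BTC_USD, SAMPLE_WBTC_BTC_HEALTHY))
    print("guarded, depegged :", guarded_wbtc_usd(SAMPLE_BTC_USD, SAMPLE_WBTC_BTC_DEPEGGED))
```

In the depegged scenario the naive path still reports the full BTC price, while the guarded path reports nothing and leaves the decision to the remaining feeds, which is the failure mode the report says the TWAP alone would otherwise have to absorb.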

c4-judge commented 5 months ago

Picodes marked the issue as duplicate of #632

c4-judge commented 4 months ago

Picodes marked the issue as satisfactory