GalloDaSballo
commented
6 months ago I believe this applies to all markets ever, not convinced this submissions shows any real risk that the code introduces Also note that oracle update sandwhiching is a MEV operation and if they are going to create bad debt they are staticically just as likely to self rekt lastly, the premium in MEV auctions goes to the block producers (or proposers), meaning that the attacker would actually risk most of their premium away either way in lack of an atomic exploit, which was not demonstrated here
c4-pre-sort
c4-judge
Lines of code
https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WiseLending.sol#L1016
Vulnerability details
Impact
Loss of protocol funds
Proof of Concept
In the case of a price drop where collateral value drops compared to loan token value, an attacker can sandwich the price change by supply and borrow a huge amount of assets to make a healthy position (that will be liquidatable after the price change), then after price changed, liquidate his own position to seize all the collateral.
It´s because when a steep price drop occurs, it will be reflected almost real-time by ChainLink nodes. Meanwhile, there will be a maturing time for Uniswap TWAP. This gap can´t be utilized to liquidate positions due to price validation doesn´t return true as per the difference percentage. However, once the TWAP matures to catch the Chainlink price, it´s possible to self liquidate. Hence, the attacker can liquidate his own position and seize all collateral assets resulting in getting profit from bad debt, while maintaining all his collateral assets.
Tools Used
Manual Review
Recommended Mitigation Steps
Consider not allowing borrow operations that fall in a price range that can be liquidatable for a pre-set price percentage difference
Assessed type
MEV