Closed c4-bot-7 closed 4 months ago
raymondfam marked the issue as insufficient quality report
Inadequate elaboration given. QA at best.
raymondfam marked the issue as primary issue
hansfriese changed the severity to QA (Quality Assurance)
hansfriese marked the issue as grade-c
Lines of code
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/libraries/LibOracle.sol#L131-L143
https://github.com/code-423n4/2024-03-dittoeth/blob/91faf46078bb6fe8ce9f55bcb717e5d2d302d22e/contracts/libraries/LibBridgeRouter.sol#L113-L141
Vulnerability details
Summary
There are checks missing on prices returned by the estimateTWAP function.
Vulnerability Details
Essential price checks carried out in LibOracle::twapCircuitBreaker() are not similarly carried out in LibBridgeRouter::withdrawalFeePct(). twapCircuitBreaker() reverts if the WETH/USDC pool returns 0 or if the pool holds less than 100 Ether, which would make it unreliable and manipulable. This is more important for rETH/wETH and stETH/wETH, whose pools already have far less liquidity than WETH/USDC and are likelier to fall below this threshold.
Impact
If 0 values are returned, this will result in users paying no fees and the protocol losing money. Low liquidity pools are inherently more volatile and can be manipulated by malicious users.
Tools Used
Manual Review, Foundry Testing
Recommendations
withdrawalFeePct() should implement the same checks to ensure that returned prices are accurate.
Assessed type
Oracle
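As an added illustration of the recommendation above (example code written for this page, not DittoEth's code and not part of the original finding): a TWAP consumer that applies the two checks the report attributes to twapCircuitBreaker(), reverting on a zero price and on a pool holding less than 100 ether of WETH, before the price feeds a withdrawal fee. The ITwapSource interface and its estimateTWAP signature, the fee rule, the basis-point constants and the 30-minute window are all assumptions made for the example; the unguarded variant is included only to show how a 0 price turns into a 0% fee when the checks are absent.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not DittoEth code. ITwapSource, the fee rule and the
// numeric constants are assumptions for this example.

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

/// @dev Hypothetical TWAP oracle interface; the real estimateTWAP signature may differ.
interface ITwapSource {
    function estimateTWAP(address pool, uint32 secondsAgo) external view returns (uint256 price);
}

library CheckedTwap {
    // Liquidity floor named in the report: pools below it are treated as unreliable.
    uint256 internal constant MIN_POOL_WETH = 100 ether;

    error ZeroTwapPrice(address pool);
    error ThinPool(address pool, uint256 wethBalance);

    /// @notice Returns the pool TWAP only if it is non-zero and the pool holds at
    ///         least MIN_POOL_WETH of WETH; reverts otherwise, so a caller can never
    ///         silently consume a 0 or easily manipulated price.
    function checkedTwap(ITwapSource src, address pool, address weth, uint32 secondsAgo)
        internal
        view
        returns (uint256 price)
    {
        price = src.estimateTWAP(pool, secondsAgo);
        if (price == 0) revert ZeroTwapPrice(pool);
        uint256 wethBalance = IERC20(weth).balanceOf(pool);
        if (wethBalance < MIN_POOL_WETH) revert ThinPool(pool, wethBalance);
    }
}

contract WithdrawalFee {
    using CheckedTwap for ITwapSource;

    uint256 public constant BASE_FEE_BPS = 50;  // 0.5% fee at par (constructed value)
    uint256 public constant MAX_FEE_BPS = 500;  // 5% cap (constructed value)
    uint32 public constant TWAP_WINDOW = 30 minutes;

    ITwapSource public immutable twap;
    address public immutable weth;
    address public immutable lstWethPool; // e.g. an rETH/wETH or stETH/wETH pool

    constructor(ITwapSource twap_, address weth_, address lstWethPool_) {
        twap = twap_;
        weth = weth_;
        lstWethPool = lstWethPool_;
    }

    /// @notice Fee in basis points, scaled by the pool rate relative to a reference
    ///         rate (both 18-decimal fixed point). The constructed rule is chosen so
    ///         that a raw price of 0 would yield a 0 fee, the outcome the report
    ///         describes; routing the price through checkedTwap makes that case
    ///         revert instead.
    function withdrawalFeePct(uint256 referenceRate) external view returns (uint256 feeBps) {
        require(referenceRate > 0, "reference rate");
        uint256 poolRate = twap.checkedTwap(lstWethPool, weth, TWAP_WINDOW);
        feeBps = (BASE_FEE_BPS * poolRate) / referenceRate;
        if (feeBps > MAX_FEE_BPS) feeBps = MAX_FEE_BPS;
    }

    /// @notice Unguarded variant for comparison: same arithmetic, but a 0 TWAP is
    ///         accepted and produces a 0% fee, and a thin pool is never detected.
    function withdrawalFeePctUnchecked(uint256 referenceRate) external view returns (uint256 feeBps) {
        require(referenceRate > 0, "reference rate");
        uint256 poolRate = twap.estimateTWAP(lstWethPool, TWAP_WINDOW);
        feeBps = (BASE_FEE_BPS * poolRate) / referenceRate;
        if (feeBps > MAX_FEE_BPS) feeBps = MAX_FEE_BPS;
    }
}
```

The check lives in a library so that every consumer of the TWAP (the circuit breaker and the fee computation alike) shares one definition of "usable price" rather than each re-implementing, or omitting, the guard; the WETH balance of the pool is read directly from the token contract, which matches the report's 100 Ether liquidity threshold without depending on any pool-specific reserves API.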