Lines of code
Vulnerability details
C4 Issue
https://github.com/code-423n4/2024-01-salty-findings/issues/224
Comments
The issue describes how the formPOL function is susceptible to a known liquidity deposit sandwich attack, leading to potential financial losses for the protocol. This vulnerability arises because formPOL lacks slippage controls during liquidity deposits in Uniswap V2 style pools, making it possible for attackers to manipulate pool ratios for profit. The attack involves an attacker deliberately shifting the pool's token ratio, allowing them to benefit from the subsequent liquidity deposit made at this manipulated ratio, and finally selling tokens into the pool at a favorable rate.
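A numeric model of the loss described above, as an added example that is not Salty's code: a fee-free constant-product pool with constructed reserves and amounts, where `a_min`/`b_min` stand in for the missing slippage bounds and are modelled on the Uniswap V2 router's minimum-amount parameters. `Pool` and `simulate` are hypothetical names.

```python
from math import sqrt

class Pool:
    """Fee-free constant-product pool (a * b = k); simplified Uniswap V2 model."""
    def __init__(self, a, b):
        self.a, self.b, self.shares = a, b, sqrt(a * b)

    def swap(self, amt_in, a_to_b):
        """Swap amt_in of one token for the other along a * b = k."""
        if a_to_b:
            out = self.b * amt_in / (self.a + amt_in)
            self.a, self.b = self.a + amt_in, self.b - out
        else:
            out = self.a * amt_in / (self.b + amt_in)
            self.a, self.b = self.a - out, self.b + amt_in
        return out

    def add_liquidity(self, a_want, b_want, a_min=0.0, b_min=0.0):
        """Deposit at the current reserve ratio; a_min/b_min are the slippage bounds."""
        b_opt = a_want * self.b / self.a
        if b_opt <= b_want:
            a_in, b_in = a_want, b_opt
        else:
            a_in, b_in = b_want * self.a / self.b, b_want
        if a_in < a_min or b_in < b_min:
            raise ValueError("slippage: pool ratio moved beyond tolerance")
        minted = self.shares * a_in / self.a
        self.a, self.b, self.shares = self.a + a_in, self.b + b_in, self.shares + minted
        return a_in, b_in, minted

def simulate(a_min=0.0, b_min=0.0):
    """Return (depositor_loss, manipulator_profit), both valued at the fair 1:1 price."""
    pool = Pool(1000.0, 1000.0)                    # constructed reserves, fair price 1:1
    b_out = pool.swap(1000.0, a_to_b=True)         # ratio shifted to 2000 A : 500 B
    a_in, b_in, minted = pool.add_liquidity(100.0, 100.0, a_min, b_min)
    b_back = sqrt(pool.a * pool.b) - pool.b        # B needed to restore the 1:1 price
    a_out = pool.swap(b_back, a_to_b=False)
    held = minted / pool.shares * (pool.a + pool.b)  # depositor's claim after restoration
    return (a_in + b_in) - held, (a_out - 1000.0) + (b_out - b_back)

if __name__ == "__main__":
    print("no slippage bound:", simulate())        # deposit accepted at the skewed ratio
    try:
        simulate(a_min=99.0, b_min=99.0)           # 1% tolerance around the expected 1:1
    except ValueError as err:
        print("with slippage bound:", err)
```

With no bounds the depositor loses 25 units at the fair price and the other party gains the same 25; with 1% bounds the deposit reverts instead of executing at the skewed ratio.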
Mitigation
https://github.com/othernet-global/salty-io/commit/eaf40ef0fa27314c6e674db6830990df68e5d70e
The mitigation for this issue revolved around the deprecation of a number of key components, including the removal of the overcollateralized USDS stablecoin framework, which also means that borrowing of USDS no longer exists. POL itself was also deprecated for a number of reasons, one of which is that it is no longer needed to cover bad debt or shortfalls in USDS, since there will be none.
Conclusion
LGTM