C4 Issue
https://github.com/code-423n4/2024-01-salty-findings/issues/222
Comments
The issue describes how an attacker can exploit the liquidity valuation mechanism in Salty by manipulating the reserve ratio of a pool to artificially inflate the value of a liquidity position, enabling them to take out an undercollateralized USDS loan. This is done by performing a swap that significantly alters the pool's reserve ratio, moving it away from the "correct" ratio implied by the oracle-provided prices of the two tokens. Although the aggregated oracle itself is difficult to manipulate directly, shifting the token ratio in a Uniswap V2-style pool increases the USD-denominated value of the liquidity position (as computed from the raw reserves at oracle prices) because of the mechanics of AMM arbitrage and slippage. This inflated value can then be used as collateral to borrow USDS, potentially leading to a scenario where the stablecoin becomes undercollateralized if the borrowed funds are not repaid.
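The valuation effect described above, as an added numeric model that is not Salty's code: a Uniswap V2-style constant-product pool is valued two ways, first from its raw reserves at oracle prices (the pattern the finding targets) and then with a fair-reserve valuation that derives from the invariant k = x*y what the reserves would be at the oracle-implied ratio. The fair-reserve method is an assumed, commonly used alternative for illustration only; it is not the mitigation the project adopted. All prices, reserves and swap sizes are constructed sample figures, and swap fees are omitted.

```python
import math

# Added example, not code from the Salty project. Models why valuing a liquidity
# position from raw reserves at oracle prices is manipulable by a single large swap.


def swap_exact_in(reserve_in, reserve_out, amount_in):
    """Constant-product swap (x*y = k) with fees omitted.
    Returns (new_reserve_in, new_reserve_out, amount_out)."""
    k = reserve_in * reserve_out
    new_in = reserve_in + amount_in
    new_out = k / new_in
    return new_in, new_out, reserve_out - new_out


def naive_position_value(reserve0, reserve1, price0, price1, share):
    """share * (reserve0*price0 + reserve1*price1): raw reserves at oracle prices.
    Because x*y = k is fixed, x*p0 + y*p1 is minimised when x*p0 == y*p1 (AM-GM),
    so ANY deviation of the pool ratio from the oracle ratio raises this figure."""
    return share * (reserve0 * price0 + reserve1 * price1)


def fair_position_value(reserve0, reserve1, price0, price1, share):
    """Assumed manipulation-resistant alternative (not the project's fix): compute the
    reserves the pool would hold once arbitraged back to the oracle ratio, using only
    k = x*y and the oracle prices, and value those. Equals share * 2*sqrt(k*p0*p1)."""
    k = reserve0 * reserve1
    fair0 = math.sqrt(k * price1 / price0)
    fair1 = math.sqrt(k * price0 / price1)
    return share * (fair0 * price0 + fair1 * price1)


def naive_minus_fair(reserve0, reserve1, price0, price1):
    """Overvaluation of a whole-pool position under the naive method (never negative)."""
    return (naive_position_value(reserve0, reserve1, price0, price1, 1.0)
            - fair_position_value(reserve0, reserve1, price0, price1, 1.0))


def run_scenario():
    """Constructed scenario: token A at $2000, token B at $1, pool initially balanced."""
    price_a, price_b = 2000.0, 1.0
    reserve_a, reserve_b = 100.0, 200_000.0   # 100 * 2000 == 200_000 * 1, on-ratio
    share = 0.10                               # the position owns 10% of the pool

    naive_before = naive_position_value(reserve_a, reserve_b, price_a, price_b, share)
    fair_before = fair_position_value(reserve_a, reserve_b, price_a, price_b, share)

    # One large swap of B into the pool pushes the reserve ratio far from the oracle ratio.
    new_b, new_a, a_out = swap_exact_in(reserve_b, reserve_a, 200_000.0)

    naive_after = naive_position_value(new_a, new_b, price_a, price_b, share)
    fair_after = fair_position_value(new_a, new_b, price_a, price_b, share)

    return {
        "naive_before": naive_before,   # 40000.0
        "naive_after": naive_after,     # 50000.0: +25% from the ratio shift alone
        "fair_before": fair_before,     # 40000.0
        "fair_after": fair_after,       # 40000.0: invariant to the swap
        "a_out": a_out,                 # 50.0 units of A left the pool
        "reserves_after": (new_a, new_b),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The naive figure rises from 40,000 to 50,000 while the fair-reserve figure does not move, which is the whole finding in one number: a collateral check that reads raw reserves at oracle prices can be pushed up by anyone willing to pay the slippage, whereas a valuation that only trusts k and the oracle cannot.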
Mitigation
https://github.com/othernet-global/salty-io/commit/8e3231d3f444e9851881d642d6dd03021fade5ed
The mitigation for this issue revolved around the deprecation of a number of key components, including the removal of the overcollateralized USDS stablecoin framework, which also meant the concept of borrowing USDS no longer exists.
Conclusion
LGTM