The issue highlights an edge-case vulnerability in the Salty protocol's price feed aggregator, which averages the closest two prices from three feeds (Chainlink, Uniswap 30-minute TWAP, and Salty spot price) for operations like liquidation and borrowing. If the disparity between the feeds exceeds a set threshold (3% by default), the aggregator reverts transactions. This mechanism becomes problematic during high volatility (which is the case in periods with high liquidations), because the feeds, due to their distinct reporting methods, are likely to diverge beyond this limit. Uniswap's TWAP, with its 30-minute delay, contrasts with the immediate updates from Chainlink and Salty, leading to potential discrepancies, especially in fast-moving markets.
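The failure mode described above can be reproduced with a small model. This is an added example, not the Salty contract code: it is a Python sketch that assumes the disparity is measured between the two closest feeds relative to their average, and the price series (a calm market followed by a crash in which the spot price trails Chainlink by one minute) are constructed for illustration.

```python
from itertools import combinations

MAX_DIFF_BPS = 300  # 3% default threshold stated in the finding


class FeedDivergence(Exception):
    """Stands in for the on-chain revert."""


def aggregate(prices, max_diff_bps=MAX_DIFF_BPS):
    """Average the two closest prices; raise if even those disagree too much."""
    live = [p for p in prices if p > 0]
    if len(live) < 2:
        raise FeedDivergence("fewer than two live feeds")
    a, b = min(combinations(live, 2), key=lambda pair: abs(pair[0] - pair[1]))
    avg = (a + b) / 2
    # Assumption: disparity = |a - b| relative to the pair's average.
    if abs(a - b) * 10_000 > max_diff_bps * avg:
        raise FeedDivergence(f"closest feeds differ by {abs(a - b) / avg:.2%}")
    return avg


def twap(spots, window=30):
    """Simple time-weighted average over the last `window` one-minute samples."""
    tail = spots[-window:]
    return sum(tail) / len(tail)


def reverted_minutes(chainlink, spot, window=30):
    """Minutes at which a liquidation or borrow would revert on divergence."""
    blocked = []
    for t in range(len(spot)):
        feeds = (chainlink[t], twap(spot[: t + 1], window), spot[t])
        try:
            aggregate(feeds)
        except FeedDivergence:
            blocked.append(t)
    return blocked


# Constructed data: 30 calm minutes at 100, then a fall of 4 per minute.
CALM = [100.0] * 30
CHAINLINK = CALM + [96.0, 92.0, 88.0, 84.0, 80.0]
SPOT = CALM + [100.0, 96.0, 92.0, 88.0, 84.0]  # trails Chainlink by a minute

if __name__ == "__main__":
    print("aggregator reverts at minutes:", reverted_minutes(CHAINLINK, SPOT))
```

In this constructed run the aggregator keeps answering through minute 30 (the lagging TWAP and spot still agree at 100 while Chainlink already reads 96) and then reverts for every remaining minute of the crash, which is the window in which liquidations are needed.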
The mitigation for this issue revolved around the deprecation of a number of key components, including:
- The overcollateralized USDS stablecoin framework was completely deprecated, which also means borrowing of USDS no longer exists; ergo, liquidations are no longer possible.
- The price aggregator itself was deprecated because its main purpose was to provide pricing for the collateral and liquidity framework, which has itself been deprecated.
Lines of code
Vulnerability details
C4 Issue
https://github.com/code-423n4/2024-01-salty-findings/issues/809
Comments
Mitigation
https://github.com/othernet-global/salty-io/commit/8e3231d3f444e9851881d642d6dd03021fade5ed
Conclusion
LGTM