c4-judge
commented
8 months ago Picodes marked the issue as satisfactory
Open c4-bot-3 opened 8 months ago
c4-judge
commented
8 months ago Picodes marked the issue as satisfactory
c4-judge
commented
8 months ago Picodes marked the issue as confirmed for report
Lines of code
Vulnerability details
Comments
In the original implementation, Chainlink BTC price feed is BTC/USD instead of WBTC/USD, which is different from Uniswap feed and Salty feed. If somehow WBTC is depegged, A malicious user can force some positions to become liquidable by manipulating WBTC spot price in WBTC Salty pool.
Mitigation
commit 8e3231d The mitigation removed the whole stablecoin framework: /stablecoin, /price_feed, WBTC/WETH collateral, PriceAggregator, price feeds and USDS. The original issue was resolved since the flaw function has been entirely removed.
Conclusion
Confirmed