Lines of code

Vulnerability details

C4 Issue

https://github.com/code-423n4/2024-01-salty-findings/issues/486

Comments

The issue discusses how salty utilizes three primary price feeds to determine the value of BTC and ETH collateral backing USDS, including Chainlink, Uniswap V3 TWAP, and Salty.IO Reserves. A vulnerability arises when the Chainlink feed fails to update within its 60-minute window, deferring to the other two feeds for price data. Relying on liquidity pool reserves for pricing is particularly risky, as these can be manipulated through token swaps, a situation exacerbated by the availability of flash loans that allow for temporary acquisition of large token quantities to alter pool ratios drastically. Thus, if Chainlink updates lapse, an attacker could manipulate the salty Reserves to artificially affect BTC or ETH prices. This manipulation could cause the PriceAggregator contract to revert during price data requests if the discrepancy between the manipulated price and another valid feed exceeds acceptable bounds, potentially destabilizing the system.

Mitigation

https://github.com/othernet-global/salty-io/commit/8e3231d3f444e9851881d642d6dd03021fade5ed

The mitigation for this issue revolved around the deprecation of number of key components including:

The overcollateralized USDS stablecoin framework was completely deprecated, which also meant borrowing of USDS no longer exists, ergo liquidations are no longer possible.
The price aggregator itself was deprecated because its main purpose was to provide pricing for the collateral and liquidity framework which itself has been deprecated.

Conclusion

LGTM

code-423n4 / 2024-03-saltyio-mitigation-findings