The issue describes how one of the price feeds used by the price aggregator, specifically the Uniswap TWAP feed, can return a faulty price. The implementation for getting historical tick data differed slightly from the way it is implemented in Uniswap: if int24(tickCumulatives[1] - tickCumulatives[0]) is negative, the tick should be rounded down, as is done in the Uniswap library. However, this was not the case in the version implemented in CoreUniswapFeed.
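The rounding difference described above, modelled in Python as an added example (not code from Salty or Uniswap). Solidity's signed division truncates toward zero, which the helpers reproduce; the function names are hypothetical, and the cumulative values and the 1800-second interval are constructed.

```python
def solidity_div(a: int, b: int) -> int:
    """Signed integer division as Solidity performs it: truncate toward zero."""
    q = abs(a) // abs(b)
    return q if (a >= 0) == (b >= 0) else -q

def solidity_mod(a: int, b: int) -> int:
    """Signed remainder as in Solidity: the result takes the dividend's sign."""
    return a - b * solidity_div(a, b)

def mean_tick_truncated(tick_cumulatives, seconds_ago: int) -> int:
    """Mean tick from plain division only, with no rounding correction."""
    delta = tick_cumulatives[1] - tick_cumulatives[0]
    return solidity_div(delta, seconds_ago)

def mean_tick_rounded_down(tick_cumulatives, seconds_ago: int) -> int:
    """Mean tick rounded toward negative infinity, as the Uniswap library does."""
    delta = tick_cumulatives[1] - tick_cumulatives[0]
    tick = solidity_div(delta, seconds_ago)
    # A negative delta with a non-zero remainder was truncated upward: step back one tick.
    if delta < 0 and solidity_mod(delta, seconds_ago) != 0:
        tick -= 1
    return tick

def price_at_tick(tick: int) -> float:
    """Uniswap v3 tick-to-price relation: price = 1.0001 ** tick."""
    return 1.0001 ** tick

def compare(tick_cumulatives, seconds_ago: int):
    """Return (truncated tick, rounded-down tick, relative price overstatement)."""
    t = mean_tick_truncated(tick_cumulatives, seconds_ago)
    r = mean_tick_rounded_down(tick_cumulatives, seconds_ago)
    return t, r, price_at_tick(t) / price_at_tick(r) - 1

# Constructed (tickCumulatives pair, interval in seconds) samples.
SAMPLES = [
    ((0, -1_800_001), 1800),  # negative delta, not divisible: ticks differ
    ((0, -1_800_000), 1800),  # negative delta, divisible: ticks agree
    ((0, 1_800_001), 1800),   # positive delta: ticks agree
    ((500, -499), 1800),      # small negative delta: 0 versus -1
]

if __name__ == "__main__":
    for cumulatives, interval in SAMPLES:
        t, r, rel = compare(cumulatives, interval)
        print(f"delta={cumulatives[1] - cumulatives[0]:>10} "
              f"truncated={t:>6} rounded_down={r:>6} price_diff={rel:.6%}")
```

Only negative deltas that are not an exact multiple of the interval are affected, and the truncated tick is then one tick too high, which is one 0.01% price step.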
The final mitigation for this issue revolved around the deprecation of a number of key components, including:
The overcollateralized USDS stablecoin framework was completely deprecated, which also meant borrowing of USDS no longer exists, ergo liquidations are no longer possible.
The price aggregator itself was deprecated because its main purpose was to provide pricing for the collateral and liquidity framework which itself has been deprecated.
Lines of code
Vulnerability details
C4 Issue
https://github.com/code-423n4/2024-01-salty-findings/issues/380
Comments
Mitigation
https://github.com/othernet-global/salty-io/commit/8e3231d3f444e9851881d642d6dd03021fade5ed
Conclusion
LGTM