code-423n4 / 2024-03-saltyio-mitigation-findings


M-18 MitigationConfirmed #99

Open c4-bot-1 opened 4 months ago

c4-bot-1 commented 4 months ago

Lines of code

Vulnerability details

C4 Issue

https://github.com/code-423n4/2024-01-salty-findings/issues/380

Comments

The issue describes how one of the price feeds used by the price aggregator, specifically the Uniswap TWAP feed, can return a faulty price. The implementation for getting historical tick data differed slightly from how it was implemented in Uniswap; specifically, if int24(tickCumulatives[1] - tickCumulatives[0]) is negative, then the tick should be rounded down, as is done in the Uniswap library. However, this was not the case in the version implemented in CoreUniswapFeed.

Mitigation

https://github.com/othernet-global/salty-io/commit/8e3231d3f444e9851881d642d6dd03021fade5ed

The final mitigation for this issue revolved around the deprecation of a number of key components, including:

  1. The overcollateralized USDS stablecoin framework was completely deprecated, which also meant borrowing of USDS no longer exists, ergo liquidations are no longer possible.
  2. The price aggregator itself was deprecated because its main purpose was to provide pricing for the collateral and liquidity framework which itself has been deprecated.

Conclusion

LGTM
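The rounding difference described in the comment above, as an added Python illustration that is not part of the original comment or the Salty.IO code base. It models Solidity's signed division, which truncates toward zero, and compares the mean tick with and without the round-down step; the function names and the sample cumulative values are constructed for the example.

```python
# Added illustration: Solidity signed division truncates toward zero, so a
# negative tick delta that does not divide evenly lands one tick too high
# unless it is explicitly rounded down (toward negative infinity).

def sol_div(a: int, b: int) -> int:
    """Solidity-style signed division: truncate toward zero."""
    q = abs(a) // abs(b)
    return q if (a >= 0) == (b >= 0) else -q

def sol_mod(a: int, b: int) -> int:
    """Solidity-style remainder: carries the sign of the dividend."""
    return a - b * sol_div(a, b)

def mean_tick_truncated(tick_cumulatives, seconds_ago):
    """Mean tick without the round-down step (the behaviour the finding describes)."""
    delta = tick_cumulatives[1] - tick_cumulatives[0]
    return sol_div(delta, seconds_ago)

def mean_tick_rounded_down(tick_cumulatives, seconds_ago):
    """Mean tick with the round-down step for negative, inexact deltas."""
    delta = tick_cumulatives[1] - tick_cumulatives[0]
    tick = sol_div(delta, seconds_ago)
    if delta < 0 and sol_mod(delta, seconds_ago) != 0:
        tick -= 1
    return tick

def price_from_tick(tick: int) -> float:
    """Uniswap v3 price for a tick: 1.0001 ** tick."""
    return 1.0001 ** tick

def compare(tick_cumulatives, seconds_ago):
    """Return (truncated tick, rounded-down tick, price ratio between them)."""
    t = mean_tick_truncated(tick_cumulatives, seconds_ago)
    r = mean_tick_rounded_down(tick_cumulatives, seconds_ago)
    return t, r, price_from_tick(t) / price_from_tick(r)

if __name__ == "__main__":
    # Constructed samples over a 1800-second window.
    samples = {
        "negative, inexact": [0, -3_600_001],
        "negative, exact": [0, -3_600_000],
        "positive, inexact": [0, 3_600_001],
    }
    for label, cumulatives in samples.items():
        print(label, compare(cumulatives, 1800))
```

Only the negative, inexact case differs: the truncated result sits one tick above the rounded-down one, which is a price difference of 0.01%.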

c4-judge commented 4 months ago

Picodes marked the issue as satisfactory