code-423n4 / 2024-04-dyad-findings


Kerosine price can be controlled by Rich people causing several issues #1119

Closed c4-bot-2 closed 4 months ago

c4-bot-2 commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L156-L169 https://github.com/code-423n4/2024-04-dyad/blob/main/src/core/VaultManagerV2.sol#L172-L181

Vulnerability details

Impact

The kerosine price is determined using the TVL and the total supply of the DYAD token.

Vault.kerosine.unbounded.sol#L60-L65

  function assetPrice()  ...  (uint) {
      for (uint i = 0; i < numberOfVaults; i++) {
        tvl += vault.asset().balanceOf(address(vault))
                * vault.assetPrice() * 1e18
                / (10**vault.asset().decimals())
                / (10**vault.oracle().decimals());
      }
      uint numerator   = tvl - dyad.totalSupply(); // ❌ depends directly on the DYAD total supply
      uint denominator = kerosineDenominator.denominator();
      return numerator * 1e8 / denominator;
  }

What can occur is that if there is a rich person with large collateral in a given position, he can continuously mint and burn DYAD, making the price go up and down.

VaultManagerV2.sol#L156-L181

  function mintDyad( ... ) external isDNftOwner(id) {
    uint newDyadMinted = dyad.mintedDyad(address(this), id) + amount;
    if (getNonKeroseneValue(id) < newDyadMinted)     revert NotEnoughExoCollat();
    dyad.mint(id, to, amount);
    if (collatRatio(id) < MIN_COLLATERIZATION_RATIO) revert CrTooLow(); 
    emit MintDyad(id, amount, to);
  }

  /// @inheritdoc IVaultManager
  function burnDyad( ... ) external isValidDNft(id) {
    dyad.burn(id, msg.sender, amount);
    emit BurnDyad(id, amount, msg.sender);
  }

There are no restrictions on minting and burning. You just have to keep CR > 150% when minting. So if a rich person has a lot of collateral in his position and has no DYAD minted, he can mint a lot of DYAD tokens.

And of course, he can also burn them, no problem.

This allows several attacks to occur.

  1. Arbitrage trading and gaining profits.
  2. Frontrun users' transactions by either increasing the price of kerosine or decreasing it.
  3. Minting a large amount of DYAD to decrease the kerosine price; this will put positions that depend on kerosine as collateral (endogenous) at risk of under-collateralization.

Many things can occur from controlling the price; we have only mentioned some of the issues that can occur.

Proof of Concept

We will explain how manipulating the kerosine price will make a profit for the manipulator.

Arbitrage

What rich people can do to make arbitrage trading profits from this issue is:

  1. Burn a lot of DYAD tokens.
  2. Kerosine price increases.
  3. Swap that kerosine to another token (on 3rd party DEX or something).
  4. Mint those DYAD tokens again; they will gain a profit as they made the swap when the kerosine price was worth more than its real value.

Liquidating Positions

  1. Mint a lot of DYAD tokens.
  2. Kerosine price decreases.
  3. Some positions, which have endogenous collateral, become undercollateralized.
  4. Liquidate these positions and gain additional rewards.

Tools Used

Manual Review

Recommended Mitigation Steps

  1. Do not allow burning from a position that minted a short time ago. We can make a MIN_BURN_AMOUNT variable set to 1 day, so the token owner can only burn his tokens if he minted them 1 day ago. This will prevent minting and burning in a short time.

  2. Do not allow minting in a short period of time. This would mean that if you minted now, you can only mint again tomorrow.

This will not mitigate the issue 100%, but it will reduce its occurrence and impact.

Assessed type

Context
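A Python model of the quoted price formula together with the burn cooldown proposed under Recommended Mitigation Steps, added here as an illustration and not part of this report or the DYAD code base; CooldownVaultManager, MIN_BURN_DELAY and all amounts are constructed assumptions.

```python
# Added example, not code from the DYAD repository or from this report: a Python model of the quoted
# kerosine price formula and of mitigation 1 (burn cooldown); all names and amounts are constructed.
from dataclasses import dataclass, field

WAD = 10**18                   # 18-decimal fixed point, as for DYAD and the TVL numerator
MIN_BURN_DELAY = 24 * 60 * 60  # the 1-day cooldown the report proposes (assumed name)

def kerosine_price(tvl: int, dyad_supply: int, denominator: int) -> int:
    """(tvl - totalSupply) * 1e8 / denominator, mirroring assetPrice(); 8-decimal result."""
    if dyad_supply > tvl:
        raise ArithmeticError("tvl - totalSupply underflows")  # checked math would revert
    return (tvl - dyad_supply) * 10**8 // denominator

@dataclass
class CooldownVaultManager:
    tvl: int                         # exogenous collateral value, held fixed in this model
    denominator: int                 # kerosineDenominator.denominator()
    dyad_supply: int = 0
    minted: dict = field(default_factory=dict)     # position id -> DYAD minted by it
    last_mint: dict = field(default_factory=dict)  # position id -> timestamp of last mint

    def mint(self, pid: int, amount: int, now: int) -> None:
        # mintDyad()'s collateral-ratio checks are out of scope; only the supply moves here
        self.dyad_supply += amount
        self.minted[pid] = self.minted.get(pid, 0) + amount
        self.last_mint[pid] = now

    def burn(self, pid: int, amount: int, now: int) -> None:
        # Mitigation 1: no burn until MIN_BURN_DELAY has passed since the position's last mint
        if now - self.last_mint[pid] < MIN_BURN_DELAY:
            raise PermissionError("BurnTooSoon")
        self.minted[pid] -= amount
        self.dyad_supply -= amount

    def price(self) -> int:
        return kerosine_price(self.tvl, self.dyad_supply, self.denominator)

def price_swing_demo() -> dict:
    """One position mints 20% of TVL, then tries to burn it back at once and after the cooldown."""
    vm = CooldownVaultManager(tvl=100_000_000 * WAD, denominator=1_000_000 * WAD)
    out = {"before_mint": vm.price()}
    vm.mint(pid=1, amount=20_000_000 * WAD, now=0)
    out["after_mint"] = vm.price()  # 100.00000000 -> 80.00000000 (8 decimals)
    try:
        vm.burn(pid=1, amount=20_000_000 * WAD, now=60)
        out["early_burn_blocked"] = False
    except PermissionError:
        out["early_burn_blocked"] = True  # quick mint/burn round trip rejected
    vm.burn(pid=1, amount=20_000_000 * WAD, now=MIN_BURN_DELAY)
    out["after_cooldown_burn"] = vm.price()
    return out
```

The 20% price swing from a single mint shows why the report treats the formula as manipulable; the cooldown only delays the round trip, which is why the report calls it a partial mitigation.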

c4-pre-sort commented 4 months ago

JustDravee marked the issue as duplicate of #67

c4-pre-sort commented 4 months ago

JustDravee marked the issue as sufficient quality report

c4-judge commented 4 months ago

koolexcrypto marked the issue as unsatisfactory: Invalid

c4-judge commented 4 months ago

koolexcrypto marked the issue as satisfactory