The protocol logic assumes that 1 DYAD is equal to $1, this is especially evident during withdrawals and redeems.
If a de-pegging event occurs due to DYAD becoming undercollateralized in case of a black swan event, and we have seen such cases with USDC reaching below 0.8 or even DAI reaching 0.897 in March 2023, this can be utilized by malicious actors and/or for arbitrage opportunities.
Same situation can occur if DYAD goes above $1, then excessive minting can occur to mint it at a $1 price and then re-sell it on a secondary market for a profit, as the mintDyad function also assumes a $1 price.
Proof of Concept
When a collateral deposit is made into the system, the amount of collateral is registered under the id2asset[] variable using the dNFT id as a key.
And mapping the amount of the collateral deposited through the vault deposit function:
id2asset[id] += amount;
When redeeming collateral, we're picking the amount of DYAD that we want to burn and that amount is used to calculate how much collateral we should get in return.
The problems here are:
The way that we're calculating this is by pinging the oracle to return the collateral's asset value in USD, while at the same time assuming that 1 DYAD = 1 USD.
Lines of code
https://github.com/code-423n4/2024-04-dyad/blob/4a987e536576139793a1c04690336d06c93fca90/src/core/VaultManagerV2.sol#L184-L202 https://github.com/code-423n4/2024-04-dyad/blob/4a987e536576139793a1c04690336d06c93fca90/src/core/VaultManagerV2.sol#L134-L153
Vulnerability details
Impact
The protocol logic assumes that 1 DYAD is equal to $1, this is especially evident during withdrawals and redeems.
If a de-pegging event occurs due to DYAD becoming undercollateralized in case of a black swan event, and we have seen such cases with USDC reaching below 0.8 or even DAI reaching 0.897 in March 2023, this can be utilized by malicious actors and/or for arbitrage opportunities.
Same situation can occur if DYAD goes above $1, then excessive minting can occur to mint it at a $1 price and then re-sell it on a secondary market for a profit, as the
mintDyad
function also assumes a $1 price.Proof of Concept
When a collateral deposit is made into the system, the amount of collateral is registered under the
id2asset[]
variable using the dNFT id as a key.And mapping the amount of the collateral deposited through the vault deposit function:
id2asset[id] += amount;
When redeeming collateral, we're picking the
amount
of DYAD that we want to burn and that amount is used to calculate how much collateral we should get in return.The problems here are:
The following exploit scenario can take place in the case of a DYAD de-peg:
Other arbitrage opportunities might be possible as well as same assumptions are being made in the
mintDyad
function as well.In case the price of DYAD is above 1 USD, this can also be used as an arbitrage opportunity to exploit the system and over-mint DYAD.
Tools Used
Manual Review
Recommended Mitigation Steps
Don't assume that DYAD is always worth 1 USD when depositing / redeeming.
Assessed type
Other