code-423n4 / 2024-04-panoptic-findings


Attacker can manipulate low TVL Uniswap V3 pool to borrow and swap to make Lending Pool in loss #138

Closed c4-bot-6 closed 6 months ago

c4-bot-6 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/SemiFungiblePositionManager.sol#L995

Vulnerability details

Impact

Attacker can manipulate low TVL Uniswap V3 pool to borrow and swap to make Lending Pool in loss

Vulnerability Details

In the Panoptic protocol, any Uniswap V3 position that consists of ERC20 tokens that Panoptic supports can be used as collateral to borrow funds from the Panoptic pool. The value of the Uniswap V3 position will be the sum of the value of the ERC20 tokens in it, which is the account liquidity.

PanopticPool.sol#L686


(LeftRightUnsigned[4] memory collectedByLeg, LeftRightSigned totalSwapped) = SFPM
            .mintTokenizedPosition(tokenId, positionSize, tickLimitLow, tickLimitHigh);

SemiFungiblePositionManager.sol#L995


   uint128 startingLiquidity = currentLiquidity.rightSlot();
   uint128 removedLiquidity = currentLiquidity.leftSlot();
   uint128 chunkLiquidity = liquidityChunk.liquidity();

However, Uniswap V3 can have multiple pools for the same pair of ERC20 tokens with different fee params. A few have most of the liquidity, while other pools have extremely little TVL or are not even created yet. Attackers can abuse this: create a low TVL pool where the liquidity mostly (or fully) belongs to the attacker's position, deposit this position as collateral and borrow tokens in the Panoptic pool, then swap to reduce the original position's value and cause the Panoptic pool to be in a loss.

Proof of Concept

Consider the scenario where WETH and DAI are supported as collateral in Panoptic protocol.

  1. Alice (attacker) creates a new WETH/DAI pool in Uniswap V3 and adds liquidity with the following amount: 1e18 wei WETH - 1e6 wei DAI = 1 WETH - 1e-12 DAI ~= 1 ETH. Let's just assume Alice's position has a price range of [MIN_TICK, MAX_TICK] so the math can be approximated like Uniswap V2 - constant product. Note that this pool only has liquidity from Alice.

  2. Alice deposits this position into Panoptic; the value of this position is approximately 1 WETH, and Alice borrows the maximum possible amount of USDC.

  3. Alice makes a swap in her WETH/DAI pool in Uniswap V3 to make the position become 1e6 wei WETH - 1e18 wei DAI = 1e-12 WETH - 1 DAI ~= 1 DAI.

Please note that the math done above is an approximation based on the Uniswap V2 formula x * y = k because Alice provided liquidity from MIN_TICK to MAX_TICK. For more information about the Uniswap V3 formula, please check their whitepaper here: https://uniswap.org/whitepaper-v3.pdf.

The vulnerability and its impact are similar to Paraspace H-05, where an attacker can manipulate a low TVL Uniswap V3 pool to borrow and swap to make the Lending Pool in loss.

"Given a small enough pool and low seller diversity, premium manipulation by swapping back and forth in Uniswap is a known risk as long as it doesn't cause protocol loss." As explained above, the attacker can manipulate a low TVL Uniswap V3 pool to cause the Panoptic pool to be in a loss.

Tools Used

Manual Review

Recommended Mitigation Steps

Consider adding a whitelist, only allowing pools with enough TVL to be collateral in the Panoptic protocol.

Assessed type

Uniswap
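An added example, not part of the original report or of Panoptic's code: it carries the report's x * y = k approximation through the two pool states from steps 1 and 3 and models the recommended TVL whitelist as a check. The reference price of 3000 DAI per WETH, the 100 WETH TVL floor, and the 2% price-deviation test are assumptions introduced for illustration; none come from the report.

```python
from fractions import Fraction

WAD = 10**18  # WETH and DAI both use 18 decimals

# Constructed inputs: the pool states from the report's steps 1 and 3.
STATE_BEFORE = (10**18, 10**6)   # (WETH wei, DAI wei)
STATE_AFTER = (10**6, 10**18)
REF_DAI_PER_WETH = Fraction(3000)  # assumed external reference price


def invariant(weth_wei, dai_wei):
    """Constant-product k = x * y for a full-range position."""
    return weth_wei * dai_wei


def spot_dai_per_weth(weth_wei, dai_wei):
    """Price implied by the pool's own reserves."""
    return Fraction(dai_wei, weth_wei)


def value_in_weth(weth_wei, dai_wei, ref=REF_DAI_PER_WETH):
    """Reserve value in whole WETH, priced at the external reference."""
    return Fraction(weth_wei, WAD) + Fraction(dai_wei, WAD) / ref


def eligible_as_collateral(weth_wei, dai_wei, ref=REF_DAI_PER_WETH,
                           min_tvl_weth=Fraction(100),
                           max_dev=Fraction(1, 50)):
    """Hypothetical whitelist test: TVL floor plus spot-vs-reference bound."""
    tvl_ok = value_in_weth(weth_wei, dai_wei, ref) >= min_tvl_weth
    deviation = abs(spot_dai_per_weth(weth_wei, dai_wei) - ref) / ref
    return tvl_ok and deviation <= max_dev


if __name__ == "__main__":
    for name, state in (("before", STATE_BEFORE), ("after", STATE_AFTER)):
        print(name, "k =", invariant(*state),
              "| value ~", float(value_in_weth(*state)), "WETH",
              "| pool price =", float(spot_dai_per_weth(*state)), "DAI/WETH",
              "| eligible:", eligible_as_collateral(*state))
```

Both states share the same k, and both imply a pool price twelve orders of magnitude away from any plausible reference, so a check of this kind rejects the pool before and after the swap.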

dyedm1 commented 6 months ago

It's unclear how exactly the protocol loss would occur here. Any price manipulation would be arbed back rather quickly, and the price would have to stay manipulated for many blocks for protocol loss to be realized. There are of course risks and UX issues when trading on low TVL pools, but we have warnings on our interface (like Uniswap and other protocols do) to cover these issues.

c4-judge commented 6 months ago

Picodes marked the issue as unsatisfactory: Insufficient proof