This price is used in trade to perform multiple actions throughout the codebase
It is reasonable to think that protocol will use on chain price for some tokens due to unavailability of pricefeed with better deviation threshold and heartbeat.In such cases slot0 price will be used in calculation which can be manipulated by attacker
Tools Used
Manual
Recommended Mitigation Steps
To make any calculation use a TWAP instead of slot0
Then compare the price from chainlink or anoother oracle to make sure that price is not stale or outdated
Lines of code
https://github.com/code-423n4/2024-05-predy/blob/main/src/libraries/UniHelper.sol#L13
Vulnerability details
Impact
Usage of slot0 is extremely easy to manipulate
Proof of Concept
https://github.com/code-423n4/2024-05-predy/blob/main/src/libraries/UniHelper.sol#L13
This price is used in trade to perform multiple actions throughout the codebase
It is reasonable to think that protocol will use on chain price for some tokens due to unavailability of pricefeed with better deviation threshold and heartbeat.In such cases slot0 price will be used in calculation which can be manipulated by attacker
Tools Used
Manual
Recommended Mitigation Steps
Assessed type
Library