Open c4-bot-3 opened 2 months ago
alex-ppg marked the issue as unsatisfactory: Invalid
Hi @alex-ppg this issue is valid with a valid POC. author was point out exactly root cause. could you please take a look?
@Haupc Sponsors are not allowed to close, reopen, or assign issues or pull requests.
alex-ppg marked the issue as not a duplicate
alex-ppg marked the issue as selected for report
alex-ppg marked the issue as satisfactory
alex-ppg marked the issue as primary issue
Lines of code
https://github.com/code-423n4/2024-06-vultisig/blob/main/src/ILOManager.sol#L190 https://github.com/code-423n4/2024-06-vultisig/blob/main/src/ILOPool.sol#L296
Vulnerability details
Impact
It is possible to prevent the launch of any ILO pool at any time, including pools that have reached their total raised amount. This can be done at any time and the cost for the attacker is negligible.
Not only this is a DOS of the whole protocol, but the attack can be performed at the very end of the sale, making users lose a lot on gas fees, considering it will be deployed on Ethereum Mainnet. Hundreds or thousands of users will participate in ILO pools via
buy()
, and will have to later callclaimRefund()
to get their "raise" tokens back.Token launches that where deemed to be successful will be blocked after raising funds from many users, and this will most certainly affect the perception of the token, and its pricing on any attempt of a future launch/sale.
Vulnerability Details
The
ILOManager
contract has a check to assert that the price at the time of the token launch is the same as the one initialized by the project. If they differ the transaction will revert, and the token launch will fail:https://github.com/code-423n4/2024-06-vultisig/blob/main/src/ILOManager.sol#L190
The problem is that
sqrtPriceX96
can be easily manipulated in Uniswap v3 Pools when there is no liquidity in it via a swap with no cost.In theory, this could be mitigated by anyone by swapping back to get back to the original price.
But there is an additional problem which makes the severity of the attack even higher. The attacker can add single-sided liquidity to the pool (just the Raise Token) after the price was manipulated.
By adding liquidity in ticks greater than the manipulated price, but lower than the expected initial price, it would require the swapper to provide some
SALE_TOKEN
, which should not be available at this moment, since they should all be in the ILO pool.Even if the project admin has some
SALE_TOKEN
, the attacker can mint a higher amount of liquidity by providing more single-sidedRAISE_TOKEN
liquidity, making the needed amount ofSALE_TOKEN
even higher.Proof of Concept
The following Proof of Concept shows how an attacker can make a launch revert after raising capital, at the cost of providing liquidity with only
1 wei
of USDC (Raise Token).Console Output:
This would be enough to perform an attack that can't be reverted in most cases since no other sale tokens should be circulating before the launch. But for the sake of interest, the minted liquidity + the mitigation amount can be increased to check the values needed to get back to the initial price in different situations.
POC:
test/ILOManager.t.sol
ILOManagerTest
contract intest/ILOManager.t.sol
forge test --mt testManipulatePriceForLaunch -vv
Recommended Mitigation Steps
Since the price can be manipulated, and single-sided liquidity can be minted, getting the price back to its initial price would require swapping + providing
SALE_TOKEN
. Since its an initial sale with vesting for other participants, it is expected that no parties hold the token. But, even if they do, the attack can be performed at some cost anyways as explained before.So one possible solution could be to reserve some amount in the ILO pool in case it needs to be swapped back, and perform a swap before the liquidity is added to the Uniswap Pool, taking into account an amount that would make the attack very expensive to rollback. Another approach could involve having a wrapper token around the
SALE_TOKEN
that can be minted + swapped to reach the expected price.This is a potential first step. Additional considerations shall be taken into account, like an attacker minting liquidity on varios tick ranges, which may also affect calculations.
Assessed type
Uniswap