Alice's liquidity position is valued differently from Bob's swap, despite the exact same economic conditions.
An attacker, good old Charlie, sees this and can arbitrage between these functions, profiting at Alice and Bob's expense.
Over a long while, this discrepancy will cause losses for both Alice and Bob, who lose trust in Basin and then become MEV searchers instead of Basin users.
Bug is in these functions:
function getRatiosFromPriceLiquidity(uint256 price) external pure returns (PriceData memory) {}
// And here
function getRatiosFromPriceSwap(uint256 price) external pure returns (PriceData memory) {}
Lines of code
https://github.com/code-423n4/2024-07-basin/blob/main/src/functions/StableLUT/Stable2LUT1.sol#L27
Vulnerability details
Impact
Let's go with Alice and Bob, who are liquidity providers in a pool using Stable2LUT1.sol. Alice adds liquidity using the getRatiosFromPriceLiquidity() function, and Bob swaps tokens using getRatiosFromPriceSwap(). Due to the divergence of price between these functions:
Proof of concept
Place in LookupTable.t.sol to run:
Proof of test showing bug:
Tools Used
Foundry, Manual, VS Code, Audit Wizard
Recommended Mitigation Steps
Above mitigation prevents this divergence but will need to be more precise:
getRatiosFromPrice function for both swap and liquidity operations.
Assessed type
Context