Other: Economic damage due to price manipulation, which may lead to incorrect token valuation and potential financial loss to stakeholders.
Affected component(s)
function getCurrentCFMMPrice in CPMMBorrowStrategy.sol
Attack vector(s)
An attacker could exploit the vulnerability by manipulating the reserves of tokens in the liquidity pool to affect the computed price.
Suggested description of the vulnerability for use in the CVE
The function **getCurrentCFMMPrice()** in Gammaswap uses a simplistic calculation method for the token price based on the token reserves, which could be manipulated by altering the reserve quantities in the liquidity pool. This method is highly vulnerable to price manipulation attacks.
Discoverer(s)/Credits
xFuzz
Proposed Solution
Implement additional checks to ensure reserve ratios are within certain thresholds before calculating prices, or consider using a weighted average or an external oracle to obtain more stable and reliable price data.
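The mitigation proposed above, as an added Solidity example that is not Gammaswap's code: a reserve-ratio spot price is accepted only while it stays within a bound of a time-weighted average price (TWAP). The contract and function names, the reserve-ratio formula, the 2% bound and the 30-minute window are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example with hypothetical names; not Gammaswap code.
abstract contract GuardedReservePrice {
    uint256 internal constant MAX_DEVIATION_BPS = 200; // assumed 2% bound
    uint256 internal constant WINDOW = 30 minutes;     // assumed averaging window
    struct Checkpoint { uint256 cumulative; uint256 timestamp; }

    uint256 internal cumulative;    // running sum of price * seconds
    uint256 internal lastPrice;     // spot price recorded at the last sync
    uint256 internal lastTimestamp; // time of the last sync
    Checkpoint internal older;      // start of the averaging window
    Checkpoint internal newer;      // replaces `older` once WINDOW has passed

    error ZeroReserve();
    error WindowTooShort();
    error PriceOutOfBounds(uint256 spot, uint256 twap);

    // Assumed reserve-ratio formula: token1 per whole token0.
    function _spotPrice(uint256 r0, uint256 r1, uint8 dec0) internal pure returns (uint256) {
        if (r0 == 0 || r1 == 0) revert ZeroReserve();
        return (r1 * (10 ** uint256(dec0))) / r0;
    }

    // The pool calls this with its own stored reserves on every reserve change.
    // Each price is weighted by the seconds it was in effect (zero if same block).
    function _sync(uint256 r0, uint256 r1, uint8 dec0) internal {
        cumulative += lastPrice * (block.timestamp - lastTimestamp);
        lastPrice = _spotPrice(r0, r1, dec0);
        lastTimestamp = block.timestamp;
        if (block.timestamp - newer.timestamp >= WINDOW) {
            older = newer;
            newer = Checkpoint(cumulative, block.timestamp);
        }
    }

    // Returns the spot price only if it is within MAX_DEVIATION_BPS of the TWAP.
    function _checkedPrice(uint256 r0, uint256 r1, uint8 dec0) internal view returns (uint256 spot) {
        uint256 elapsed = block.timestamp - older.timestamp;
        if (older.timestamp == 0 || elapsed < WINDOW) revert WindowTooShort();
        uint256 current = cumulative + lastPrice * (block.timestamp - lastTimestamp);
        uint256 twap = (current - older.cumulative) / elapsed;
        spot = _spotPrice(r0, r1, dec0);
        uint256 diff = spot > twap ? spot - twap : twap - spot;
        if (diff * 10_000 > twap * MAX_DEVIATION_BPS) revert PriceOutOfBounds(spot, twap);
    }
}
```

A caller that cannot tolerate a revert can fall back to the TWAP itself or to an external oracle value instead of the rejected spot price.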
Reference(s)