Open hats-bug-reporter[bot] opened 1 year ago
Hello, Thanks a lot for your attention.
Your assumption is right if we didn't have the deltaAggregator parameter. This parameter compare the price returned by the LP with the Chainlink one. We'll use low % in production < 1-2%, this paired with deep liquidity LP will prevent Liquidity attacks.
This is the design we choose,
Because of this, we have to consider this issue as Invalid
Github username: @ahmaddecoded Submission hash (on-chain): 0x6f6db8667ad9cff386f5dd3e9195c3b2a46f55c6eb4b905c619d8bd9d19219d6 Severity: high
Description: Description\ Uniswap v2 price determined based on reserves can be manipulated Attack Scenario\ Price calculated based upon reserves is easily manipulatable using the flash loan and has been cause of critical vulnerabilities in past Attachments
Assets can be easily changed in one transaction using flashloan and than performing an operation on convergence. That could lead to substantial loss.
Instead use the TWAp price recommended by uniswap