PLVGLP Oracle is vulnerable to price manipulation. This allows an attacker to increase or decrease the price to carry out various attacks against the protocol.
Vulnerability Detail
PLVGLPOracle is vulnerable to price manipulation. This allows an attacker to increase or decrease the price to carry out various attacks against the protocol.
Impact
The attacker could perform price manipulation to make the apparent value of an asset to be much higher or much lower than the true value of the asset. Following are some risks of price manipulation:
An attacker can increase the value of their collaterals to increase their borrowing power so that they can borrow more assets than they are allowed from Sentiment.
An attacker can decrease the value of some collaterals and attempt to liquidate another user account prematurely.
Avoid using previewRedeem function to calculate the price.
Consider implementing TWAP so that the price cannot be inflated or deflated within a single block/transaction or within a short period of time.
w42d3n
medium
PLVGLP Oracle Vulnerable To Price Manipulation
Summary
PLVGLP Oracle is vulnerable to price manipulation. This allows an attacker to increase or decrease the price to carry out various attacks against the protocol.
Vulnerability Detail
PLVGLPOracle is vulnerable to price manipulation. This allows an attacker to increase or decrease the price to carry out various attacks against the protocol.
Impact
The attacker could perform price manipulation to make the apparent value of an asset to be much higher or much lower than the true value of the asset. Following are some risks of price manipulation:
Code Snippet
https://github.com/sherlock-audit/2023-01-sentiment/blob/main/oracle/src/plutus/PLVGLPOracle.sol#L47
Tool used
Manual Review
Recommendation
Avoid using
previewRedeemfunction to calculate the price. Consider implementing TWAP so that the price cannot be inflated or deflated within a single block/transaction or within a short period of time.