Potential flash loan vulnerability in getPrice() of UniswapV2Oracle.sol
Summary
This report highlights a potential flash loan vulnerability in the Uniswap V2 Oracle, specifically in the getPrice() function. The code snippet provided in the submission utilizes spot prices without incorporating time-weighted average prices or other mechanisms to mitigate flash loan attacks. This vulnerability exposes the system to potential price manipulation and exploitation by flash loan attackers.
Vulnerability Detail
The vulnerability arises from the use of spot prices in the calculation of the price for the given Uniswap pair. The getPrice() function retrieves the reserves of the pair (r0 and r1) and the spot prices of the tokens (px0 and px1). It then performs calculations based on these values to determine the price.
However, the code lacks any explicit implementation of TWAP oracles or similar mechanisms to ensure more stable and reliable price references. Without incorporating TWAP prices, the system becomes susceptible to flash loan attacks. Flash loans enable borrowers to exploit price discrepancies within a single transaction, potentially manipulating the outcome and gaining an unfair advantage.
Impact
The flash loan vulnerability in the Uniswap V2 Oracle's getPrice() function poses a risk to the integrity and stability of the system. If exploited, attackers could manipulate the spot prices of tokens within a flash loan transaction, leading to inaccurate price calculations and potentially causing financial losses or disruptions to users relying on the Uniswap V2 Oracle.
helpMePlease
high
Potential flash loan vulnerability in
getPrice()ofUniswapV2Oracle.solSummary
This report highlights a potential flash loan vulnerability in the Uniswap V2 Oracle, specifically in the
getPrice()function. The code snippet provided in the submission utilizes spot prices without incorporatingtime-weighted average pricesor other mechanisms to mitigate flash loan attacks. This vulnerability exposes the system to potential price manipulation and exploitation by flash loan attackers.Vulnerability Detail
The vulnerability arises from the use of spot prices in the calculation of the price for the given Uniswap pair. The
getPrice()function retrieves the reserves of the pair (r0 and r1) and the spot prices of the tokens (px0 and px1). It then performs calculations based on these values to determine the price.However, the code lacks any explicit implementation of TWAP oracles or similar mechanisms to ensure more stable and reliable price references. Without incorporating TWAP prices, the system becomes susceptible to flash loan attacks. Flash loans enable borrowers to exploit price discrepancies within a single transaction, potentially manipulating the outcome and gaining an unfair advantage.
Impact
The flash loan vulnerability in the Uniswap V2 Oracle's
getPrice()function poses a risk to the integrity and stability of the system. If exploited, attackers could manipulate the spot prices of tokens within a flash loan transaction, leading to inaccurate price calculations and potentially causing financial losses or disruptions to users relying on the Uniswap V2 Oracle.Code Snippet
https://github.com/sherlock-audit/2023-04-blueberry/blob/96eb1829571dc46e1a387985bd56989702c5e1dc/blueberry-core/contracts/oracle/UniswapV2Oracle.sol#L33
Tool used
Manual Review
Recommendation
It is strongly recommended to incorporate TWAP or other mechanisms that provide more reliable and stable price references.