pontifex - Using TWAP oracle prices can be a cause of money losing during high volatility periods

[sherlock-admin]

pontifex

medium

Using TWAP oracle prices can be a cause of money losing during high volatility periods

Summary

TWAP doesn't provide the current spot price and has a gap, which depends on the market volatility. Giving the opportunity to exchange the $tokenToBeneficiary token on other tokens in the SwapperImpl contract with TWAP price is like giving a time machine. When the $tokenToBeneficiary price goes down, the TWAP price is higher than the spot price. In this case exchanging at the TWAP price is pointless. The time to exchange comes when the spot price becomes higher than the TWAP price. It will be exactly at the market local bottom.

Vulnerability Detail

https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-oracle/src/UniV3OracleImpl.sol#L248-L285 The _getQuoteAmount returns the quote amount for the trade calculated with TWAP oracle price with possible scaledOfferFactor. Economically meaningless buying at TWAP price which higher than spot price. The scaledOfferFactor can speed up the deal, but will not allow to sell $tokenToBeneficiary at the market price. The more volatile the market, the higher the discount should be. Since there is no mechanism to automatically change the $tokenToBeneficiary, there will come a point where the beneficiary will not be able to control the demand.

Impact

The $tokenToBeneficiary token is always exchanged at its worst price. The more volatile the market, the greater the effect.

Code Snippet

No

Tool used

Manual Review

Recommendation

I suggest using TWAP price with a short period to be closer to the spot price, but also comparing it with long period TWAP price to prevent oracle price manipulation.

Duplicate of #47

[ChechetkinVV]

Escalate for 10 USDC I think this submission is not exactly the same with #47 and others (except #78) but very close and it is a valid medium issue. First of all let’s consider that traders are sophisticated. In the picture below you can see the one minute spot prices chart with the thirty minutes weighted average price indicator. There is a gap between the spot prices and WMA. The same thing will be for the TWAP oracle prices. When the TWAP price is higher than the spot price the sophisticated trader waits. When the TWAP price became equal to the spot price or even lower than the spot price - the trader buys. As you can see, the signals to buy are near the local minimums of the spot prices. The owner can motivate traders with a discount, which should cover the gap between the TWAP price and the spot price and this way the owner could regulate slipperage. But the gap depends on market conditions and the gap can dramatically grow in the high volatility periods. That can be a cause of unpredictable slippage. I am sure that the contract should be guarded from any market conditions. Sherlock rules considered slippage as a valid high issue. Due to this case needing special market conditions I labeled this issue as medium.

[sherlock-admin]

Escalate for 10 USDC I think this submission is not exactly the same with #47 and others (except #78) but very close and it is a valid medium issue. First of all let’s consider that traders are sophisticated. In the picture below you can see the one minute spot prices chart with the thirty minutes weighted average price indicator. There is a gap between the spot prices and WMA. The same thing will be for the TWAP oracle prices. When the TWAP price is higher than the spot price the sophisticated trader waits. When the TWAP price became equal to the spot price or even lower than the spot price - the trader buys. As you can see, the signals to buy are near the local minimums of the spot prices. The owner can motivate traders with a discount, which should cover the gap between the TWAP price and the spot price and this way the owner could regulate slipperage. But the gap depends on market conditions and the gap can dramatically grow in the high volatility periods. That can be a cause of unpredictable slippage. I am sure that the contract should be guarded from any market conditions. Sherlock rules considered slippage as a valid high issue. Due to this case needing special market conditions I labeled this issue as medium.

You've created a valid escalation for 10 USDC!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

[hrishibhat]

Escalation rejected

Not a valid high/medium issue given that the system works as intended Lead Watson comment:

This is intended behavior of the system. That’s why they allow scaling factors to be greater than 1, so that swaps only happen in these periods. Oracles can choose any period they like if they don’t like this behavior

Lead Judge comment:

the 30 minutes spot price internal is a design choice. it is possible the TWAP price higher than spot price as the report, which is ok

[sherlock-admin]

Escalation rejected

Not a valid high/medium issue given that the system works as intended Lead Watson comment:

This is intended behavior of the system. That’s why they allow scaling factors to be greater than 1, so that swaps only happen in these periods. Oracles can choose any period they like if they don’t like this behavior

Lead Judge comment:

the 30 minutes spot price internal is a design choice. it is possible the TWAP price higher than spot price as the report, which is ok

This issue's escalations have been rejected!

Watsons who escalated this issue will have their escalation amount deducted from their next payout.