sherlock-audit / 2023-04-unitasprotocol-judging

4 stars 3 forks source link

n33k - MEV bot can sandwich attack oracle update transactions to steal the protocol #103

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

n33k

high

MEV bot can sandwich attack oracle update transactions to steal the protocol

Summary

This protocol allows users to swap tokens at a fixed price point without slippage. This seems to mitigate the sandwich attacks but it actually transferred the risk from the swap users to the whole protocol. The swap exchange rate is changed when oracle prices update. The attacker can sandwich the price oracle update transaction to profit from the exchange rate fluctuation.

Vulnerability Detail

The swap exchange rate is determined by the prices in the oracle. The oracle price update will change the exchange rate.

The attacker can monitor the mempool for price update transactions. He can frontrun the price update transaction with a swap transaction and backrun with a reverse swap to profit.

Impact

The protocol is subject to sandwich attack and the attacker can steal protocol assets. Note that this sandwich attack affects the whole assets in the pool and is much worse than the single user swap slippage loss we saw in other swaps like uniswap, sushiswap.

Code Snippet

Swap exchange rate is derived from the price in the oracle.

https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/Unitas.sol#L439-L457

https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/SwapFunctions.sol#L203-L215

https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/SwapFunctions.sol#L227-L239

The price is pushed to the oracle contract by calling updatePrices.

https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/XOracle.sol#L34

Tool used

Manual Review

Recommendation

gmx-synthetics also swaps using oracle price. They measure the market impact of the swap and reflect it in the swap result. This could be a reference design to fix the problem.

Duplicate of #67