Changes to asset prices via the XOracle make the protocol vulnerable to sandwitch attacks.
Vulnerability Detail
A malicious actor can watch the mempool for calls to putPrice and/or updatePrices and front run the call with a swap, acquiring a position that will be advantageous after the price change.
After the call to putPrice/updatePrices goes through, they simply swap back to their original position for a profit.
Impact
Potentially ever price update can be used in a sandwitch attack to steal funds from the protocol.
Dug
medium
Price updates vulerable to sandwitch attacks
Summary
Changes to asset prices via the
XOracle
make the protocol vulnerable to sandwitch attacks.Vulnerability Detail
A malicious actor can watch the mempool for calls to
putPrice
and/orupdatePrices
and front run the call with a swap, acquiring a position that will be advantageous after the price change.After the call to
putPrice
/updatePrices
goes through, they simply swap back to their original position for a profit.Impact
Potentially ever price update can be used in a sandwitch attack to steal funds from the protocol.
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/XOracle.sol#L26-L45
Tool used
Manual Review
Recommendation
Consider a different mechanism for establishing asset prices.
Duplicate of #67