Closed sherlock-admin closed 1 year ago
vagrant
medium
Sandwiching price updates for profit (Assumes fees are very low or 0)
Anyone can observe a calls to XOracle that updates the prices of pairs and sandwich them.
Loss of funds for the protocol
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/XOracle.sol#L26 https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/XOracle.sol#L34
Manual Review
Add a time delay for swaps that prevents a user from being able to call swap twice in the same block
Duplicate of #67
vagrant
medium
Sandwiching price updates for profit
Summary
Sandwiching price updates for profit (Assumes fees are very low or 0)
Vulnerability Detail
Anyone can observe a calls to XOracle that updates the prices of pairs and sandwich them.
Impact
Loss of funds for the protocol
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/XOracle.sol#L26 https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/XOracle.sol#L34
Tool used
Manual Review
Recommendation
Add a time delay for swaps that prevents a user from being able to call swap twice in the same block
Duplicate of #67