sherlock-audit / 2023-04-unitasprotocol-judging


qpzm - `XOracle` update is vulnerable to sandwich attack. #140

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

qpzm

medium

XOracle update is vulnerable to sandwich attack.

Summary

XOracle update is vulnerable to sandwich attack.

Vulnerability Detail

When an oracle update tx is in the mempool, MEV bots can buy the token that will be more expensive and sell after the price is updated.

xOracle.putPrice(_usdt, t1, 1e18); // USD1 = 1 USDT
unitas.swap(_usdt, _usd1, ISwapFunctions.AmountType.Out, 10000); // Buy 10000 USD1 with 10000 USDT (front-run, before the update lands)
xOracle.putPrice(_usdt, t2, 2e18); // USD1 = 2 USDT i.e. USD1 price increases
unitas.swap(_usd1, _usdt, ISwapFunctions.AmountType.In, 10000); // Sell 10000 USD1 and earn 20000 USDT (back-run, after the update)

Impact

Unitas reserves are drained.

Code Snippet

Tool used

Manual Review

Recommendation

It is hard to eliminate sandwich attacks, but they can be mitigated in the following ways.

  1. Update the oracle before the arbitrage exceeds the swap fee.
  2. Allow prices to update gradually over multiple blocks.
  3. Two-step swap: users request a swap and keepers confirm and execute it.

Duplicate of #67
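An added defender-side model, not code from the report or from the Unitas contracts, that puts numbers on recommendations 1 and 2 above: it computes the largest oracle price step a given swap fee absorbs, and clamps each oracle update to that step so the round trip in the report (buy USD1, oracle update, sell USD1) no longer clears the fee. The `Pool` class, the 30 bps fee and the price values are constructed for illustration.

```python
from dataclasses import dataclass

BPS = 10_000  # basis points per unit


@dataclass
class Pool:
    """Constructed stand-in for the Unitas swap: quotes USD1 at the oracle
    price (USDT per USD1) and charges fee_bps on every swap."""
    price: float
    fee_bps: int

    def buy_usd1(self, usdt_in: float) -> float:
        """USDT -> USD1 at the current oracle price, fee taken from the input."""
        return usdt_in * (BPS - self.fee_bps) / BPS / self.price

    def sell_usd1(self, usd1_in: float) -> float:
        """USD1 -> USDT at the current oracle price, fee taken from the output."""
        return usd1_in * self.price * (BPS - self.fee_bps) / BPS


def sandwich_profit(pool: Pool, new_price: float, usdt_in: float) -> float:
    """USDT gained by buying USD1 before an update to new_price and selling
    after it. Mutates pool.price. Negative means fees exceed the arbitrage."""
    usd1 = pool.buy_usd1(usdt_in)
    pool.price = new_price
    return pool.sell_usd1(usd1) - usdt_in


def max_safe_step_bps(fee_bps: int) -> float:
    """Largest single-update price rise (in bps) that round-trip fees absorb.
    The round trip keeps (1 - f)^2 of the notional, so the sandwich makes
    no profit as long as new/old <= 1 / (1 - f)^2 (recommendation 1)."""
    keep = (BPS - fee_bps) / BPS
    return (1.0 / keep**2 - 1.0) * BPS


class RateLimitedOracle:
    """Publishes at most max_step_bps of movement per update, walking the
    price toward the target over several updates (recommendation 2)."""

    def __init__(self, price: float, max_step_bps: float) -> None:
        self.price = price
        self.max_step_bps = max_step_bps

    def put_price(self, target: float) -> float:
        ceiling = self.price * (BPS + self.max_step_bps) / BPS
        floor = self.price * (BPS - self.max_step_bps) / BPS
        self.price = min(max(target, floor), ceiling)
        return self.price
```

With a 30 bps fee the safe step is about 60 bps, so an oracle capped at 60 bps per update makes the 1 USDT to 2 USDT jump from the report unprofitable to sandwich at every step, at the cost of the price taking many updates to reach its target.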