search

sherlock-audit / 2023-05-USSD-judging

9 stars 7 forks source link

WATCHPUG - Using the collateral assets' oracle price at 100% of its value to mint USSD without a fee can be used for arbitrage. #836

Open sherlock-admin opened 1 year ago

sherlock-admin commented 1 year ago

WATCHPUG

high

Using the collateral assets' oracle price at 100% of its value to mint USSD without a fee can be used for arbitrage.

Summary

Allowing the users to mint USSD using the collateral assets, at 100% of its value based on the oracle price without a fee can easily be exploited by the arbitragers.

Vulnerability Detail

The Oracle price can not be trusted as the real-time price.

For example, the BTC/USD and ETH/USD price feeds on miannet have a "Deviation threshold" of 0.5%, meaning that the price will only be updated once the price movement exceeds 0.5% within the heartbeat period.

Say if the previous price point for WETH is 1000 USD, the price will only be updated once the price goes up to more than 1005 USD or down to less than 995 USD.

Impact

When the market price of WETH is lower than the oracle price, it is possible to mint 1000 USSD by using 1 WETH and selling it to DAI, causing the quality of the collateral for USSD to continuously decrease and the value to be leaked to the arbitragers.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L150-L173

Tool used

Manual Review

Recommendation

Consider adding a minting fee of 0.5% to 1% (should be higher than the deviation).

0xRobocop commented 1 year ago

Escalate for 10 USDC

This is not an issue, it assumes that a "real-time" price exists which is theoretically impossible. In reality there is no way to value a collateral precisely to a "real-time" price because this "price" does not exists and the markets are aligned thanks to arbitrageurs.

We cannot say that the chainlink price (if chainlink is behaving properly and contract consumes the prices safely) is below or above the "market-price", because there is no such "market-price", what we can say is that some market has a different price than chainlink's oracle. For example the ETH / DAI uniswap pool may have the price of 1 ETH for 996 DAI and chainlink's price may be 1 ETH for 1000 DAI. Watson argues that this scenario will:

cause the quality of the collateral for USSD to continuously decrease and the value to be leaked to the arbitragers.

Which is not true, what will happen is the next:

sherlock-admin commented 1 year ago

Escalate for 10 USDC

This is not an issue, it assumes that a "real-time" price exists which is theoretically impossible. In reality there is no way to value a collateral precisely to a "real-time" price because this "price" does not exists and the markets are aligned thanks to arbitrageurs.

We cannot say that the chainlink price (if chainlink is behaving properly and contract consumes the prices safely) is below or above the "market-price", because there is no such "market-price", what we can say is that some market has a different price than chainlink's oracle. For example the ETH / DAI uniswap pool may have the price of 1 ETH for 996 DAI and chainlink's price may be 1 ETH for 1000 DAI. Watson argues that this scenario will:

cause the quality of the collateral for USSD to continuously decrease and the value to be leaked to the arbitragers.

Which is not true, what will happen is the next:

    1. User will send 1 ETH to the USSD protocol and receive 1000 USSD.
    1. User will change 1000 USSD for 1000 DAI.
    1. User will buy ETH in uniswap with the 1000 DAI and receive 1.004 ETH, driving up the price of ETH in uniswap.
    1. User will repeat the process until the uniswap price is equal to the chainlink price and the arbitrage is no longer possible.
    1. ETH price increased in the "below-price" market, making the ETH collateral of the USSD protocol more valuable across different markets.

You've created a valid escalation for 10 USDC!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

twicek commented 1 year ago

Escalate for 10 USDC

I agree with the comments made by 0xRobocop, this report describe a common scenario that lead to an arbitrage opportunity, which is not an issue. Hitting the deviation threshold will lead for the price to be updated earlier than usual which will naturally lead to the arbitrage opportunity described by 0xRobocop. Adding a minting fee could actually be more detrimental since it would prevent arbitrager from getting the USSD / DAI Pool to equilibrium.

sherlock-admin commented 1 year ago

Escalate for 10 USDC

I agree with the comments made by 0xRobocop, this report describe a common scenario that lead to an arbitrage opportunity, which is not an issue. Hitting the deviation threshold will lead for the price to be updated earlier than usual which will naturally lead to the arbitrage opportunity described by 0xRobocop. Adding a minting fee could actually be more detrimental since it would prevent arbitrager from getting the USSD / DAI Pool to equilibrium.

You've created a valid escalation for 10 USDC!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

ctf-sec commented 1 year ago

Agree with the escalation.

hrishibhat commented 1 year ago

Result: Medium Unique Considering this a valid medium. Lead Watson comment:

comment is basically describing the arbitrage CAN happen, the missing part there is ETH/DAI is a much deeper pool than USSD/DAI, the USSD/DAI pool will suffer a much bigger damage before the arbitrage opportunity disappears. This is not a common/natural scenario

sherlock-admin commented 1 year ago

Escalations have been resolved successfully!

Escalation status: