BLACK-PANDA-REACH - Overvalued collateral in case of USDC depeg

[sherlock-admin]

BLACK-PANDA-REACH

medium

Overvalued collateral in case of USDC depeg

Overvalued collateral in case of USDC depeg

Summary

In case of the USDC depegging, DSU will also be depeg from USD and all collateral of users would be overvalued.

Vulnerability Detail

In the Perennial docs it says that it's assumed that the USDC price will always be at $1:

Perennial uses $USD proxies (i.e. USDC/DSU) as collateral and assumes the price of these assets is $1.

But we've already seen scenarios where USDC has been depeg from USD so if that scenario repeats all collateral in Perennial would be overvalued and users could withdraw more than allowed, thus breaking maintenanceInvariant.

The most recent USDC depeg was in March 12, 2023, where USDC suddenly dropped in price and was trading at 87 cents at some point.

In cases like that, Perennial doesn't have a mechanism to check that USDC price is still $1 so in an event of depeg all users would have their collateral overvalued.

Impact

In case of a USDC depeg, all collateral would be overvalued so maintenanceInvariant would be broken allowing users to withdraw more collateral than they should.

Code Snippet

Maintenance invariant assumes that collateral value will always be in USD. https://github.com/sherlock-audit/2023-05-perennial/blob/main/perennial-mono/packages/perennial/contracts/collateral/Collateral.sol#L262-L271

Tool used

Manual Review

Recommendation

It's recommended to implement a mechanism to check that USDC is still pegged to USD to pause the protocol or apply changes in case of a USDC depeg.