sherlock-audit / 2023-10-real-wagmi-judging


Bandit - Lender can manipulate liquidity value before `borrow` or `repay` to increase the amount borrower needs to repay #111

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

Bandit

high

Lender can manipulate liquidity value before borrow or repay to increase the amount borrower needs to repay

Summary

When a borrower calls repay or borrow, the lender can increase the amount of liquidity they have to pay back by manipulating the Uniswap v3 pool price.

Vulnerability Details

When a borrower borrows funds, the Uniswap position values the tokens at the current tick price. When a borrower initiates a loan, the lender can push the price so that the hold token is overpriced relative to the swap token. This means that it requires more liquidity for the borrower to pay back the loan.

The cost of a liquidity position, even after exchanging tokens, differs at different points on the price curve.

This means that the borrower ultimately has to pay that inflated liquidity amount to the lender, resulting in a large profit for them.

Impact

Lender can steal funds from borrower.

Code Snippet

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L532-L674

Tool used

Manual Review

Recommendation

Add optional slippage parameter(s) to the borrow and repay functions to prevent front-running manipulation.
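The valuation effect the report relies on, as an added worked example that is not part of the report or of the Wagmi code base: standard Uniswap v3 liquidity math with constructed numbers (a position in the range [0.8, 1.25], liquidity L = 1000), assuming the hold token is token1 and ignoring swap fees and price impact. It shows that the hold-token cost of re-minting the same liquidity depends on the tick at which it is valued, and `within_max_cost` is a hypothetical stand-in for the recommended slippage parameter (or the max-collateral argument the escalation below refers to), not a function of the project.

```python
import math

# Constructed numbers for illustration only: a position in the range
# [0.8, 1.25] (prices quoted as token1 per token0) with liquidity L = 1000.
PA, PB, L = 0.8, 1.25, 1000.0


def amounts_for_liquidity(liquidity, price, pa=PA, pb=PB):
    """Return (amount0, amount1) that a Uniswap v3 position with the given
    liquidity holds at `price` for the range [pa, pb] (standard v3 math)."""
    sa, sb, sp = math.sqrt(pa), math.sqrt(pb), math.sqrt(price)
    if sp <= sa:            # price below range: position is all token0
        return liquidity * (sb - sa) / (sa * sb), 0.0
    if sp >= sb:            # price above range: position is all token1
        return 0.0, liquidity * (sb - sa)
    return liquidity * (sb - sp) / (sp * sb), liquidity * (sp - sa)


def cost_in_token1(liquidity, price, pa=PA, pb=PB):
    """Token1 a borrower must bring to re-mint `liquidity` when the pool sits
    at `price`, buying the token0 leg at that same price. Assumption: the hold
    token is token1; swap fees and price impact are ignored."""
    amount0, amount1 = amounts_for_liquidity(liquidity, price, pa, pb)
    return amount0 * price + amount1


def manipulation_premium(liquidity, fair_price, moved_price, pa=PA, pb=PB):
    """Fractional extra cost the borrower pays if the position is valued at
    `moved_price` (after the lender pushes the pool) instead of `fair_price`."""
    fair = cost_in_token1(liquidity, fair_price, pa, pb)
    moved = cost_in_token1(liquidity, moved_price, pa, pb)
    return moved / fair - 1.0


def within_max_cost(quoted_cost, max_cost):
    """Hypothetical caller-supplied bound (the report's recommended slippage
    parameter, or a max-collateral style argument). True if the quote is
    acceptable, False if the transaction should revert."""
    return quoted_cost <= max_cost


if __name__ == "__main__":
    fair = cost_in_token1(L, 1.0)
    moved = cost_in_token1(L, 1.2)
    print(f"cost at fair price 1.0 : {fair:.2f} token1")
    print(f"cost at moved price 1.2: {moved:.2f} token1")
    print(f"premium extracted      : {manipulation_premium(L, 1.0, 1.2):.2%}")
    # A borrower who bounds the cost at 1% over the fair quote is protected:
    print("accepted with 1% bound :", within_max_cost(moved, fair * 1.01))
```

With these numbers the same liquidity costs about 211 token1 when valued at price 1.0 and about 223 token1 at price 1.2, roughly a 5.7% premium that a lender who moves the pool right before the borrower's transaction would collect; a caller-supplied bound on the quoted cost rejects the manipulated quote.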

OndrejJuda commented 1 year ago

Escalate

This issue is invalid because the user has an option to specify the max collateral he is willing to pay for the position.

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/b33752757fd6a9f404b8577c1eae6c5774b3a0db/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L493-L495

sherlock-admin2 commented 1 year ago

Escalate

This issue is invalid because the user has an option to specify the max collateral he is willing to pay for the position.

https://github.com/sherlock-audit/2023-10-real-wagmi/blob/b33752757fd6a9f404b8577c1eae6c5774b3a0db/wagmi-leverage/contracts/LiquidityBorrowingManager.sol#L493-L495

You've created a valid escalation!

To remove the escalation from consideration: Delete your comment.

You may delete or edit your escalation comment anytime before the 48-hour escalation window closes. After that, the escalation becomes final.

Czar102 commented 1 year ago

Planning to accept the escalation and invalidate the issue.

Evert0x commented 1 year ago

Result: Invalid Unique

sherlock-admin2 commented 1 year ago

Escalations have been resolved successfully!

Escalation status: