search

sherlock-audit / 2023-12-ubiquity-judging

2 stars 2 forks source link

deepplus - When mint/redeem Ubiquity dollar token, the amount of collateral token is calculated incorrectly. #104

Closed sherlock-admin2 closed 9 months ago

sherlock-admin2 commented 9 months ago

deepplus

high

When mint/redeem Ubiquity dollar token, the amount of collateral token is calculated incorrectly.

Summary

In mintDollar and redeemDollar functions of LibUbiquityPool.sol contract, the amount of collateral token is not calculated correctly based on the price of dollar token.

Vulnerability Detail

To mint dollar token, an account should send its some collateral token to the ubiquity pool. The amount of collateral token to be sent will be decided based on the value of dollar token to be minted. And the value should be decided based on the minting amount and the current price of dollar token. But in this codebase, they calculate needed collateral amount based on only amount of dollar token.

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L354-L355

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L284-L294

Therefore, needed collateral amount is calculated with non-intentional assumption that dollar price is $1. This can led to the result that account would send less collateral token than expected if mintPriceThreshold is higher than $1 (This is common case). In redeemDollar function, there is the same issue. In this case, an account may receive more collateral token than expected.

Impact

When mint dollar token, an account may transfer less collateral token than expected. In the other hand, when redeem dollar token, an account may receive more collateral token than expected.

Code Snippet

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L284-L294

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L354-L355

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L434-L435

Tool used

Manual Review

Recommendation

Calculate the amount of needed collateral based on the amount and price of dollar token

priceOfDollar = getDollarPriceUsd();
collateralNeeded = getDollarInCollateral(collateralIndex, dollarAmount*priceOfDollar)

Duplicate of #157

sherlock-admin2 commented 9 months ago

2 comment(s) were left on this issue during the judging contest.

0xLogos commented:

dollar is pegged to 1$ within the system to allow arbitrage

auditsea commented:

$1e-6 can be freely minted, can't even compensate gas

sherlock-admin2 commented 9 months ago

2 comment(s) were left on this issue during the judging contest.

0xLogos commented:

dollar is pegged to 1$ within the system to allow arbitrage

auditsea commented:

$1e-6 can be freely minted, can't even compensate gas