Possible arbitrage from Chainlink price discrepancy
Summary
The protocol calculates the amount of collateral based on Chainlink quotes, and Chainlink quotes are not real-time, which introduces deviations. This creates an arbitrage opportunity.
Vulnerability Detail
Currently UBIQUITY relies on the following chainlink price feeds in order to calculate LUSD / USD exchange rate:
#
Price Feed
Deviation
Heartbeat
1
LUSD / USD
1%
3600s
2
DAI / USD
0.25%
3600s
As we can see, an acceptable deviation for LUSD / USD price feed is about [-1% 1%], meaning that the nodes will not update an on-chain price, in case the boundaries are not reached within the 24h period. These deviations are significant enough to open an arbitrage opportunities which will impact an overall LUSD / USD exchange rate badly.
As we can see, an acceptable deviation for LUSD / USD price feed is about [-1% 1%], meaning that the nodes will not update an on-chain price, in case the boundaries are not reached within the 24h period. These deviations are significant enough to open an arbitrage opportunities which will impact an overall LUSD / USD exchange rate badly.
In the mintDollar() function, the protocol calculates the required collateralNeeded using dollarAmount/collateralPrices.
Similarly, in the redeemDollar() function, it calculates collateralOut for the user using the same method. If the collateral price is at its maximum (+1%) during mintDollar() and at its minimum (-1%) during redeemDollar(), an arbitrage opportunity arises.
Bauer
high
Possible arbitrage from Chainlink price discrepancy
Summary
The protocol calculates the amount of collateral based on Chainlink quotes, and Chainlink quotes are not real-time, which introduces deviations. This creates an arbitrage opportunity.
Vulnerability Detail
As we can see, an acceptable deviation for LUSD / USD price feed is about [-1% 1%], meaning that the nodes will not update an on-chain price, in case the boundaries are not reached within the 24h period. These deviations are significant enough to open an arbitrage opportunities which will impact an overall LUSD / USD exchange rate badly.
As we can see, an acceptable deviation for LUSD / USD price feed is about [-1% 1%], meaning that the nodes will not update an on-chain price, in case the boundaries are not reached within the 24h period. These deviations are significant enough to open an arbitrage opportunities which will impact an overall LUSD / USD exchange rate badly. In the
mintDollar()
function, the protocol calculates the required collateralNeeded usingdollarAmount/collateralPrices
.Similarly, in the
redeemDollar()
function, it calculatescollateralOut
for the user using the same method. If the collateral price is at its maximum (+1%) during mintDollar() and at its minimum (-1%) during redeemDollar(), an arbitrage opportunity arises.Impact
Code Snippet
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L355
Tool used
Manual Review
Recommendation
I was thinking about utilizing multiple price oracles, which could potentially close any profitable opportunities
Duplicate of #72