Closed sherlock-admin2 closed 6 months ago
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
No proof, seems AI generated
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
No proof, seems AI generated
Invalid, insufficient proof of how oracle can be manipulated
bareli
medium
Oracle Manipulation
Summary
Oracle Manipulation: The contract relies on external data from a Curve MetaPool. If the pool's data can be manipulated (e.g., through flash loan attacks), the TWAP oracle could provide inaccurate price data.
Vulnerability Detail
function update() external { LibTWAPOracle.update(); }
Impact
LibTWAPOracle will be affected
Code Snippet
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/facets/TWAPOracleDollar3poolFacet.sol#L32
Tool used
Manual Review
Recommendation