sherlock-admin2
commented
6 months ago 1 comment(s) were left on this issue during the judging contest.
auditsea commented:
REF #080
Closed sherlock-admin closed 6 months ago
sherlock-admin2
commented
6 months ago 1 comment(s) were left on this issue during the judging contest.
auditsea commented:
REF #080
sherlock-admin2
commented
6 months ago 1 comment(s) were left on this issue during the judging contest.
auditsea commented:
REF #080
fugazzi
high
Intrinsic arbitrage in UbiquityPool could be used to steal value from the pool
Summary
Discrepancies in the Chainlink price feeds will lead to arbitrage opportunities that can be used to steal value from the pool in detriment of the protocol.
Vulnerability Detail
Chainlink price feeds do not reflect live and accurate prices, these follow different rules in order to update their values. There are two conditions that could trigger a price change, a heartbeat and a price deviation. A heartbeat updates the feed if the configured time since last update has elapsed, and the price deviation triggers the update when the price has moved above a configured percentage.
Since different collaterals have different price feeds that may have different conditions to trigger an update, it is expected that these are not updated in sync and may reflect relative discrepancies. These discrepancies may be abused by bad actors in order to mint dollars using a collateral of lower value and then redeem those dollars for a collateral of higher value. This can be profitable if the intrinsic arbitrage earnings exceed the minting and redeem fees (note that protocol team asserted these are going to be initially 0%, see https://discord.com/channels/812037309376495636/1191764748216303776/1194170711644844032).
Suppose we know token A has increased its value relative to token B, but this increase hasn't been reflected yet in the Chainlink price feed of token A since the update hasn't been triggered yet (suppose the difference is under the threshold). A bad actor can mint dollars with token B and then redeem in token A before the price is reflected in Chainlink.
Similarly, if we know token A has decreased its value, we can buy token A at the lower price, mint dollars using token A as collateral, and then redeem using another collateral (or even redeem in the same token A once the Chainlink price is updated).
Impact
Intrinsic arbitrage opportunities can be used to drain value from the pool.
Code Snippet
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L523-L562
Tool used
Manual Review
Recommendation
It would be quite hard to know the true price of an asset, as the Chainlink oracle only gives approximate prices. Since we know these real prices reside within specific ranges, it is possible to decrease the minted amounts within these ranges to prevent any potential arbitrage opportunities. Other price sources (like on-chain TWAP oracles) could be introduced as a control mechanism to prevent or reduce minting when deviations are presented between different sources.
Duplicate of #72