Closed sherlock-admin closed 6 months ago
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
Flashloan does not affect TWAP because in Curve, token balances are recorded before any liquidity changes. Refer to Curve's _update function
1 comment(s) were left on this issue during the judging contest.
auditsea commented:
Flashloan does not affect TWAP because in Curve, token balances are recorded before any liquidity changes. Refer to Curve's _update function
cducrest-brainbot
high
LibTWAPOracle price can be manipualted through falsh loans
Summary
The LibTWAPOracle bases the TWAP price for Ubiquity dollar on a curve meta pool for 3CRV / Ubiquity dollar. The currently deployed version of that pool uses current pool balance to compute the TWAP price which can easily be manipulated though flash loans.
Anyone can manipulate the price of Ubiquity dollar reflected by that pool. This will allow for minting/redeeming Ubiquity dollar on
LibUbiquityPool.sol
when normally not possible.Vulnerability Detail
The function to update the price of Ubiquity dollar and 3CRV calls
pool.get_dy()
with the twap balances.get_dy()
gets the amount of CRV out for 1 ether of Ubiquity dollar in.get_twap_balances()
gets the average balance across two cumulative prices:The cumulative prices are fetched by
LibTWAPOracle
viacurrentCumulativePrices()
:This calls on the metapool:
The value of
price_cumulative_last
is updated in:This purely takes into account the current balance in token of the contract multiplied by the elapsed time. This balance can easily be manipulated by depositing / withdrawing from the metapool.
The
_update()
function is called at the beginning of any pool function that impacts its balance.Impact
An attacker can flash loans and exchange to get 3CRV tokens, deposit a large amount of 3CRV tokens into the metapool, and trigger an update of the cumulative prices via any pool action. This will increase the perceived price of Ubiquity tokens.
This will allow minting Ubiquity tokens in
LibUbiquityPool.sol
when the minting should have been impossible with fair Ubiquity dollar price.The opposite behaviour where the perceived price of Ubiquity tokens is decreased is also possible if Ubiquity dollars can somehow be flash loaned / exchanged in flash loans or if the attacker holds LP tokens in the meta pool.
This will bring more instability to the Ubiquity dollar as the mechanism supposed to stabilize the coin can be abused.
Code Snippet
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibTWAPOracle.sol#L68-L102
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibTWAPOracle.sol#L129-L137
https://etherscan.io/address/0x20955CB69Ae1515962177D164dfC9522feef567E#code
Tool used
Manual Review
Recommendation
In
LibTWAPOracle
only use cumulative prices of previous blocks instead of also relying on the current block.Duplicate of #56