GatewayGuardians - Ubiquity Pool: TWAP price oracle manipulation to steal collateral tokens

[sherlock-admin2]

GatewayGuardians

high

Ubiquity Pool: TWAP price oracle manipulation to steal collateral tokens

Summary

• The attacker can take advantage of collateral price fluctuation to redeem more collateral at will.
• LibUbiquityPool: https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L284

  Vulnerability Detail

• According to the conversation with the devs:
  • The new curve pool liquidity will be 50k uAD + 50k 3CRV
  • The minting and redeeming fees will be set to 0 for some duration after launch.
• Pre-conditions:
  • uAD Price increases to $1.01
  • LUSD price is $1.03
  • Mints are open and the ubiquity pool already has some collateral due to previous mints by other users.
• Attack:
  • Alice mints 100,000 uAD from ubiquity pool's mintDollar function in exchange for ~97,000 LUSD
  • After some time, the uAD price restabilizes back to $1
  • Alice waits for LUSD to drop to $0.99
  • As soon as the LUSD price approaches $0.99, Alice swaps the uAD-3CRV pool to decrease the price of uAD
  • Alice waits ~10 minutes for TWAP to catch up to $0.99 for uAD
  • Alice then makes a reverse swap to get back her uAD from the 3CRV pool
  • Now that the uAD price is below $0.99, redeems are open
  • So, Alice instantly takes her ~100k uAD and redeems it for~101k LUSD
  • Total Spent: 97,000 LUSD (for minting uAD) + ~$50 (Slippage for swapping twice [uAD to 3CRV then 3CRV to uAD])
  • Total Received:101,000 LUSD
  • Profit: ~3,800 LUSD
• The main point that separates this attack from a normal arbitrage is that the attacker can manipulate the curve TWAP price oracle to reduce the price and activate redeems for their benefit.

Impact

• The profit percentage depends upon the percent decrease in the value of collateral (in this case, LUSD)
• LUSD is more volatile than DAI
• Here's the lowest and highest LUSD price within the last 30 days. It's 6%!
• As the minting and redeeming fees increase, it will require more amount of uAD to extract profit.

  Code Snippet

• Gist link to PoC: https://gist.github.com/0x3agle/ee8c2c0d1cad2885f6b7fa5623b4bf4d
• Save the code in ubiquity-dollar/packages/contracts/test/Attack.sol and run forge test --mc "Attack_Manipulation" -vv
• Output:

  
  [PASS] test_pool_attack() (gas: 1791608)
  Logs:
  [+] uAD price is $1.011, mints are enabled. LUSD price is at $1.03, The pool already has some collateral deposited
  [-] uAD TWAP Price 1034359621414925833
  [+] Alice mints 100K uAD for ~97k LUSD
  [+] Simulating Restablization of uAD price to $1
  [-] uAD TWAP Price 1000139415389109396
  [+] LUSD drops to $0.99
  [+] Alice manipulates the Curve Pool to decrease uAD Price
  [-] uAD TWAP Price 986546846085390776
  [+] Alice withdraws back the uAD from CurvePool
  [+] Alice redeems all the uAD in UbiquityPool
  =========  PROFIT: 3892545951859728788861 LUSD =========

Test result: ok. 1 passed; 0 failed; 0 skipped; finished in 1.44s

Ran 1 test suites: 1 tests passed, 0 failed, 0 skipped (1 total tests)

- Formula that calculates collateralAmount from the uAD amount and collateral price:
```solidity
uint collateralAmount = dollarAmount
                        .mul(UBIQUITY_POOL_PRICE_PRECISION)
                        .div(10 ** poolStorage.missingDecimals[collateralIndex])
                        .div(poolStorage.collateralPrices[collateralIndex]);

Tool used

Manual Review

Recommendation

• The recommendation is to deploy the curve pool with more liquidity to increase the cost of attack.
• Plus, there should be some fees for minting and redeeming after deployment to decrease attacker profit.

Duplicate of #56

[sherlock-admin2]

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

REF #080

[sherlock-admin2]

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

REF #080