Centralization Risk:

Summary

Centralization Risk: The oracle relies on a single Curve MetaPool, which could be a central point of failure or manipulation.

Vulnerability Detail

function setPool(address _pool, address _curve3CRVToken1) internal { require( IMetaPool(_pool).coins(0) == LibAppStorage.appStorage().dollarTokenAddress, "TWAPOracle: FIRST_COIN_NOT_DOLLAR" ); TWAPOracleStorage storage ts = twapOracleStorage();

    // coin at index 0 is Ubiquity Dollar and index 1 is 3CRV
    require(
        IMetaPool(_pool).coins(1) == _curve3CRVToken1,
        "TWAPOracle: COIN_ORDER_MISMATCH"
    );

    uint256 _reserve0 = uint112(IMetaPool(_pool).balances(0));
    uint256 _reserve1 = uint112(IMetaPool(_pool).balances(1));

    // ensure that there's liquidity in the pair
    require(_reserve0 != 0 && _reserve1 != 0, "TWAPOracle: NO_RESERVES");
    // ensure that pair balance is perfect
    require(_reserve0 == _reserve1, "TWAPOracle: PAIR_UNBALANCED");
    ts.priceCumulativeLast = IMetaPool(_pool).get_price_cumulative_last();
    ts.pricesBlockTimestampLast = IMetaPool(_pool).block_timestamp_last();
    ts.pool = _pool;
    // dollar token is inside the diamond
    ts.token1 = _curve3CRVToken1;
    ts.price0Average = 1 ether;
    ts.price1Average = 1 ether;
}

Impact

The oracle relies on a single Curve MetaPool, which could be a central point of failure or manipulation.

Code Snippet

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibTWAPOracle.sol#L31

Tool used

Manual Review

Recommendation

sherlock-admin2 commented 6 months ago

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

Makes no sense, seems AI generated, same reporter as #186