FastTiger - If a user predicts that the ChainLinkPrice price will fall, he or she may preserve the value of his collateral and the protocol may suffer damages.

[sherlock-admin2]

FastTiger

high

If a user predicts that the ChainLinkPrice price will fall, he or she may preserve the value of his collateral and the protocol may suffer damages.

Summary

If the user predicts that the price of the collateral will fall in ChainLink, mintDollar() is performed before the price falls, and redeemDollar() is performed after the price falls.

Users can preserve the value of their collateral by spending only GAT and fees. This can cause damage to the protocol.

Vulnerability Detail

In the protocol, the updateChainLinkCollateralPrice() function is called within the mintDollar() and redeemDollar() functions to fetch the current collateral price.

The user currently predicts that the price of collateral will fluctuate on ChainLink in collateralPriceFeedAddresses[collateralIndex]. Users perform the following operations to reduce damage caused by price fluctuations (for example, collateral is DAI).

Example.

Attacker estimate that the price of DAI is to be decreased from 0.13 to 0.12.

Attacker already holds 10,000 of DAI tokens.

1. Mint 10,000 DAI and receive 1,300 Ubiquity Dollar Token.
2. The price of DAI is decreased from 0.13 to 0.12
3. Attacker soon redeems 1,300 Ubiquity Dollar Token to 10,833 DAI. (should receive: 1,300/0.12=10,833)

The attacker just made 833 DAI profit and the protocol will deduct the collateral by this amount.

Impact

Attacker can gain profit and the protocol can lose collateral.

Code Snippet

ubiquity-dollar/packages/contracts/src/dollar/LibUbiquityPool.sol:L326 ubiquity-dollar/packages/contracts/src/dollar/LibUbiquityPool.sol:L399

Tool used

Manual Review

Recommendation

1. The source retrieves prices from one place, that is, the ChainLink Price feed, but the values must be retrieved from multiple places and averaged.

2. Add the following structure to LibUbiquityPool.sol. struct MintInfo{ uint256 price; uint256 mintTime; }

Add the following variables to struct UbiquityPoolStorage.

• mapping(address user => mapping(uint256 collateralIndex => MintInfo info)) lastMintCollateralPrice;

• bool[] is SpecialRedeemPaused; function MintDollar( uint256 collateralIndex, uint256 dollarAmount, uint256 dollarOutMin, uint256 maxCollateralIn ){ ... //check the pool ceiling require( freeCollateralBalance(collateralIndex).add(collateralNeeded) <= poolStorage.poolCeilings[collateralIndex], "Pool ceiling" );

  • MintInfo storage mintiInfo=poolStorage.lastMintCollateralPrice[msg.sender][collateralIndex];
  • mintInfo.price=poolStorage.collateralPrices[collateralIndex];
  • mintInfo.mintTime=block.timestamp; ... }

function redeemDollar( uint256 collateralIndex, uint256 dollarAmount, uint256 collateralOutMin ){ ... require(collateralOut>=collateralOutMin, "Collateral slippage");

• require(
• poolStorage.isSpecialRedeemPaused[collateralIndex]==true &&
• (poolStorage.lastMintCollateralPrice[msg.sender][collateralIndex].price>poolStorage.collateralPrices[collateralIndex] &&
• poolStorage.lastMintCollateralPrice[msg.sender][collateralIndex].mintTime<1 days, // 1 days is for example. Properly value must be set by admin.
• "Redeeming is paused"
• ); ... ) }

function toggleMintRedeemBorrow( uint256 collateralIndex, uint8 toggleIndex ) internal { ... else if(toggleIndex==2) poolStorage.isBorrowPaused[collateralIndex]=!poolStorage.isBorrowPaused[collateralIndex];

• else if(toggleIndex==3)
• poolStorage.isSpecialRedeemPaused[collateralIndex]=!poolStorage.isSpecialRedeemPaused[collateralIndex]; ...
  }

Duplicate of #72

[sherlock-admin2]

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

REF #080

[sherlock-admin2]

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

REF #080