sherlock-audit / 2023-12-ubiquity-judging

2 stars 2 forks source link

ge6a - The 'Dollar price too low' check may be insufficient under certain circumstances #229

Closed sherlock-admin closed 10 months ago

sherlock-admin commented 10 months ago

ge6a

medium

The 'Dollar price too low' check may be insufficient under certain circumstances

Summary

In the event of a depeg of DAI and a suitable distribution of collateral tokens in the protocol, the check for the minimum price of the Ubiquity Dollar token may not be triggered, leading to potential harm to users during minting.

Vulnerability Detail

The function getTwapPrice() returns the price of 1 Ubiquity Dollar token measured in 3pool tokens. In the mintDollar function, there is a check whether this price is >= the pre-defined mintPriceThreshold. The goal is to prevent minting in this case because subsequent calculations assume that the price of the Ubiquity Dollar token is 1 USD. The issue with this workflow is that both the Ubiquity Dollar token and the 3pool token are dependent on the price of DAI. DAI constitutes over 50% of the 3pool pool in Curve. Additionally, DAI can be used as collateral for the Ubiquity Dollar token, thus influencing its price. In the event of a depeg of DAI and a suitable distribution of collateral tokens for the Ubiquity Dollar token, market prices for both the Ubiquity Dollar token and the 3pool token could fall below 1.

In this case, the expected behavior is for the check for the minimum acceptable price of the Ubiquity Dollar token to be triggered during minting, leading to the suspension of minting. However, due to the correlation between the two tokens from the Curve pool used to determine the price (Ubiquity Dollar token and 3pool token), this may not occur. As a result, users could be adversely affected by receiving Ubiquity Dollar tokens of lower value than the collateral they deposited.

Impact

Bypassing a crucial check during minting could result in financial losses for the user.

Code Snippet

https://github.com/sherlock-audit/2023-12-ubiquity/blob/d9c39e8dfd5601e7e8db2e4b3390e7d8dff42a8e/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L326-L386

Tool used

Manual Review

Recommendation

An idea for a solution is to add an additional check to verify whether the price of the 3pool token is >= 1, possibly using an oracle.

Duplicate of #17

sherlock-admin2 commented 10 months ago

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

Not required

sherlock-admin2 commented 10 months ago

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

Not required