Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.
Summary
Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.
Vulnerability Detail
In a previous competition, there was a fix for the sqrtPriceLimitX96 used to determine if the swap has front-run the trade. If the simulated swap causes the price limit to be higher than expected (or lower for a sell), the trade will revert. However, in this contract, there is no corresponding measures to address this issue.
In LiquidityManager.sol, _getCurrentSqrtPriceX96() use UniswapV3.slot0 to get the value of sqrtPriceX96.
However, the sqrtPriceX96 is pulled from Uniswap.slot0, which is the most recent data point and can be manipulated easily via MEV bots and Flashloans with sandwich attacks.
similar finding:
https://code4rena.com/reports/2023-05-maia#h-02-use-of-slot0-to-get-sqrtpricelimitx96-can-lead-to-price-manipulation
IceBear
medium
Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.
Summary
Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.
Vulnerability Detail
In a previous competition, there was a fix for the sqrtPriceLimitX96 used to determine if the swap has front-run the trade. If the simulated swap causes the price limit to be higher than expected (or lower for a sell), the trade will revert. However, in this contract, there is no corresponding measures to address this issue. In LiquidityManager.sol, _getCurrentSqrtPriceX96() use UniswapV3.slot0 to get the value of sqrtPriceX96. However, the sqrtPriceX96 is pulled from Uniswap.slot0, which is the most recent data point and can be manipulated easily via MEV bots and Flashloans with sandwich attacks. similar finding: https://code4rena.com/reports/2023-05-maia#h-02-use-of-slot0-to-get-sqrtpricelimitx96-can-lead-to-price-manipulation
Impact
Code Snippet
https://github.com/sherlock-audit/2024-02-leverage-contracts/blob/main/wagmi-leverage/contracts/abstract/LiquidityManager.sol#L345
Tool used
Manual Review
Recommendation
Use TWAP rather than slot0.
Duplicate of #1