sherlock-audit / 2024-05-beefy-cowcentrated-liquidity-manager-judging


jasonxiale - spot price is used in `StrategyPassiveManagerVelodrome.sqrtPrice` #109

Closed sherlock-admin4 closed 2 months ago

sherlock-admin4 commented 2 months ago

jasonxiale

medium

spot price is used in StrategyPassiveManagerVelodrome.sqrtPrice

Summary

Spot price is used in StrategyPassiveManagerVelodrome.sqrtPrice, which is easy to manipulate.

Vulnerability Detail

According to StrategyPassiveManagerVelodrome.sqrtPrice, the function is derived from slot0(), which can be easily manipulated.

```solidity
    function sqrtPrice() public view returns (uint160 sqrtPriceX96) {
        (sqrtPriceX96,,,,,) = IVeloPool(pool).slot0();
    }
```

And StrategyPassiveManagerVelodrome.sqrtPrice is used by other functions like _addLiquidity.

And _addLiquidity is used in functions like moveTicks and setPositionWidth without slippage protection.

Impact

A malicious user can manipulate the amounts in the pool by using large buy/sell orders to alter the composition of liquidity.

Code Snippet

```solidity
    function sqrtPrice() public view returns (uint160 sqrtPriceX96) {
        (sqrtPriceX96,,,,,) = IVeloPool(pool).slot0();
    }
```

Tool used

Manual Review

Recommendation

Duplicate of #10
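The usual defensive check for a finding like this is to compare the slot0() spot price against a TWAP from the pool's oracle and refuse to rebalance when they diverge. The Python below is an added example, not code from this finding or from the Beefy strategy; it mirrors the arithmetic an on-chain guard would do with a Uniswap v3-style `observe()` (assumed to be available on the Velodrome pool), and the tick cumulatives and prices it uses are constructed inputs.

```python
import math

# Tick bounds from Uniswap v3 TickMath (Velodrome CL pools use the same range).
MIN_TICK, MAX_TICK = -887272, 887272
Q96 = 2 ** 96


def tick_to_sqrt_price_x96(tick: int) -> int:
    """Floating-point approximation of TickMath.getSqrtRatioAtTick for test inputs."""
    return int(1.0001 ** (tick / 2) * Q96)


def sqrt_price_x96_to_tick(sqrt_price_x96: int) -> int:
    """Invert the spot sqrtPriceX96 from slot0() into a tick (approximate, +/-1 tick)."""
    ratio = sqrt_price_x96 / Q96
    tick = math.floor(2 * math.log(ratio) / math.log(1.0001))
    return max(MIN_TICK, min(MAX_TICK, tick))


def twap_tick(tick_cumulatives, window: int) -> int:
    """Arithmetic-mean tick over `window` seconds, as OracleLibrary.consult does.

    tick_cumulatives[0] is the oracle value `window` seconds ago, [1] is now.
    Solidity truncates toward zero and then decrements on a negative remainder,
    which is exactly Python's floor division.
    """
    delta = tick_cumulatives[1] - tick_cumulatives[0]
    return delta // window


def check_spot_against_twap(spot_sqrt_price_x96: int, tick_cumulatives,
                            window: int, max_deviation_ticks: int):
    """Return (trusted, deviation). A rebalance should revert when trusted is False:
    a large buy/sell inside one transaction moves slot0() but not the TWAP."""
    spot_tick = sqrt_price_x96_to_tick(spot_sqrt_price_x96)
    mean_tick = twap_tick(tick_cumulatives, window)
    deviation = abs(spot_tick - mean_tick)
    return deviation <= max_deviation_ticks, deviation


if __name__ == "__main__":
    # Constructed scenario: pool sat at tick 1000 for a 30-minute window.
    cumulatives = [0, 1000 * 1800]
    print(check_spot_against_twap(tick_to_sqrt_price_x96(1000), cumulatives, 1800, 100))
    # Same oracle state, but spot pushed to tick 6000 by a large swap in this block.
    print(check_spot_against_twap(tick_to_sqrt_price_x96(6000), cumulatives, 1800, 100))
```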