Closed sherlock-admin4 closed 3 months ago
bareli
medium
Usage of slot0 is extremely easy to manipulate
Summary
Here we are using the sqrtPrice() function in the following functions: _addLiquidity(), _checkAmounts(), balancesOfPool(), price().
Vulnerability Detail
```solidity
function sqrtPrice() public view returns (uint160 sqrtPriceX96) {
    // @> reads the pool's latest spot price straight from slot0
    (sqrtPriceX96,,,,,) = IVeloPool(pool).slot0();
}
```
Impact
slot0 is the most recent data point and is therefore extremely easy to manipulate.
Code Snippet
https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/main/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L609
Tool used
Manual Review
Recommendation
To make any calculation use a TWAP instead of slot0.
Duplicate of #10
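An added example of the recommended fix, not code from the issue author or from the audited Beefy repository: a TWAP tick read from the pool's observe() accumulator, and a guard that only lets the precise slot0 value through when the spot tick sits within a bounded distance of that TWAP. The interface IVeloPoolOracle, the library TwapGuard, the contract PriceReaderExample, the 120 second window and the 100 tick deviation bound are all assumptions made for the example; the interface mirrors the Uniswap V3 pool ABI that Velodrome CL pools share.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example for this finding; not code from the Beefy CLM repository.
// Assumption: the pool exposes the Uniswap V3 style slot0()/observe() ABI.
interface IVeloPoolOracle {
    function slot0()
        external
        view
        returns (
            uint160 sqrtPriceX96,
            int24 tick,
            uint16 observationIndex,
            uint16 observationCardinality,
            uint16 observationCardinalityNext,
            bool unlocked
        );

    function observe(uint32[] calldata secondsAgos)
        external
        view
        returns (int56[] memory tickCumulatives, uint160[] memory secondsPerLiquidityCumulativeX128s);
}

library TwapGuard {
    error PriceNotCalm(int24 spotTick, int24 twapTick, uint24 maxDeviation);

    /// Arithmetic-mean tick over the last `secondsAgo` seconds, taken from the pool's
    /// tick accumulator. If the pool's observation cardinality does not cover the
    /// window, observe() itself reverts, which is the safe failure mode.
    function twapTick(IVeloPoolOracle pool, uint32 secondsAgo) internal view returns (int24 meanTick) {
        require(secondsAgo != 0, "twap window must be > 0");
        uint32[] memory secondsAgos = new uint32[](2);
        secondsAgos[0] = secondsAgo; // start of the window
        secondsAgos[1] = 0;          // now
        (int56[] memory tickCumulatives, ) = pool.observe(secondsAgos);
        int56 delta = tickCumulatives[1] - tickCumulatives[0];
        int56 window = int56(uint56(secondsAgo));
        meanTick = int24(delta / window);
        // Integer division truncates toward zero; round toward negative infinity
        // so the result matches the Uniswap OracleLibrary.consult convention.
        if (delta < 0 && (delta % window != 0)) meanTick--;
    }

    /// Revert if the spot tick is more than `maxDeviation` ticks away from the TWAP tick.
    function requireCalm(IVeloPoolOracle pool, uint32 secondsAgo, uint24 maxDeviation) internal view {
        (, int24 spot, , , , ) = pool.slot0();
        int24 twap = twapTick(pool, secondsAgo);
        int24 diff = spot > twap ? spot - twap : twap - spot;
        if (uint24(diff) > maxDeviation) revert PriceNotCalm(spot, twap, maxDeviation);
    }
}

contract PriceReaderExample {
    using TwapGuard for IVeloPoolOracle;

    IVeloPoolOracle public immutable pool;
    uint32 public constant TWAP_INTERVAL = 120;      // assumption: two minute window
    uint24 public constant MAX_TICK_DEVIATION = 100; // ~1%, since one tick is a 0.01% price step

    constructor(IVeloPoolOracle _pool) {
        pool = _pool;
    }

    /// The pattern flagged in the finding: the latest spot price, movable within a single
    /// transaction by anyone willing to swap through the pool and swap back.
    function sqrtPriceSpot() public view returns (uint160 sqrtPriceX96) {
        (sqrtPriceX96, , , , , ) = pool.slot0();
    }

    /// Hardened variant: the same precise spot value, but only while the spot tick is within
    /// MAX_TICK_DEVIATION of the TWAP. A sandwich that pushes slot0 first makes this revert
    /// instead of feeding a manipulated price into liquidity or balance calculations.
    function sqrtPriceChecked() public view returns (uint160 sqrtPriceX96) {
        pool.requireCalm(TWAP_INTERVAL, MAX_TICK_DEVIATION);
        return sqrtPriceSpot();
    }

    /// Pure TWAP tick for callers that want to price purely off history; convert it with
    /// TickMath.getSqrtRatioAtTick when a sqrtPriceX96 is needed.
    function twapTick() external view returns (int24) {
        return pool.twapTick(TWAP_INTERVAL);
    }
}
```

Two operational caveats for this pattern: a fresh pool stores a single observation, so observe() over a 120 second window reverts until increaseObservationCardinalityNext has been called on the pool and enough blocks have passed; and the deviation guard intentionally turns genuine volatility into reverts, which is the right default for a passive manager but means the window and bound are a trade-off between manipulation cost and liveness rather than a free fix.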