BaldHeads - Manipulability of Tick Data in Velodrome Pool Leading to Vulnerabilities in Volatility Check Mechanism

[sherlock-admin3]

BaldHeads

medium

Manipulability of Tick Data in Velodrome Pool Leading to Vulnerabilities in Volatility Check Mechanism

Summary

The Tick value, which is the latest Tick data from the Velodrome pool, can be easily manipulated by anyone. This can be achieved by swapping tokens before the Tick value is read by the Strategy and swapping back immediately after.

Vulnerability Detail

The function StrategyPassiveManagerVelodrome::currentTick() in the contract can be easily manipulated by anyone. This manipulation is possible because the function reads the current Tick from the pool, which can be temporarily altered through token swaps.

Impact

This vulnerability impacts the StrategyPassiveManagerVelodrome::isCalm function, which is used to check if the market is not too volatile to prevent users from experiencing direct Impermanent Loss.

Code Snippet

• isCalm function
• currentTick function

Tool used

Manual Review

Recommendation

Use an Oracle to verify the price or compare two TWAPs (Time-Weighted Average Prices) with different durations to determine if there are significant price changes.

[MirthFutures]

IsCalm() works as intended