UToken failed to consider temporary depegging of USDC, USDT, DAI
Summary
The UToken Borrow contracts assume that the ratio of USD: USDC is 1:1, hence no oracle was used.
Vulnerability Detail
A user can take advantage of a temporary depeg of say 1 : 0.97, to borrow large enough tokens and pay back the borrowed tokens when depeg is rebalanced say 1: 0.99, 0.02 * 10000, is 200 USD value lost due to bad debt
John_Femi
Medium
UToken failed to consider temporary depegging of USDC, USDT, DAI
Summary
The UToken Borrow contracts assume that the ratio of USD: USDC is 1:1, hence no oracle was used.
Vulnerability Detail
A user can take advantage of a temporary depeg of say 1 : 0.97, to borrow large enough tokens and pay back the borrowed tokens when depeg is rebalanced say 1: 0.99, 0.02 * 10000, is 200 USD value lost due to bad debt
Impact
Loss of funds, bad debt
Code Snippet
https://github.com/sherlock-audit/2024-06-union-finance-update-2/blob/main/union-v2-contracts/contracts/market/UToken.sol#L611
Tool used
Manual Review
Recommendation