FlashSwapRouter:getCurrentPriceRatio() is vulnerable to flashloan price manipulation.
Summary
The FlashSwapRouter:getCurrentPriceRatio() function fetches the price ratio of a token pair based on the amounts of tokens in Uniswap reserves. This ratio is highly susceptible to manipulation through flash loans.
Vulnerability Detail
The FlashSwapRouter:getCurrentPriceRatio function is responsible for returning the price ratio of a token pair from the uniswapPair by calculating the ratio of both tokens' reserves. It retrieves this price ratio by calling the DsFlashSwap:getPriceRatio function.
The redemption asset (RA) can be DAI, USDT, ETH, or any other token, and its reserves can be easily manipulated using flash loans. Consequently, a malicious user could artificially inflate or deflate the ratio, leading to the unintended minting of more tokens by manipulating the price ratio.
Impact
The vulnerability allows an attacker to manipulate the price ratio between tokens by temporarily altering the reserves with a flash loan, leading to incorrect pricing and potentially resulting in significant financial loss or the creation of excessive tokens.
To mitigate this vulnerability, consider implementing a time-weighted average price (TWAP) for the token pair pricing or using a decentralized oracle that is resistant to manipulation by flash loans.
nikhil840096
Medium
FlashSwapRouter:getCurrentPriceRatio()
is vulnerable to flashloan price manipulation.Summary
The
FlashSwapRouter:getCurrentPriceRatio()
function fetches the price ratio of a token pair based on the amounts of tokens in Uniswap reserves. This ratio is highly susceptible to manipulation through flash loans.Vulnerability Detail
The
FlashSwapRouter:getCurrentPriceRatio
function is responsible for returning the price ratio of a token pair from theuniswapPair
by calculating the ratio of both tokens' reserves. It retrieves this price ratio by calling theDsFlashSwap:getPriceRatio
function.Within the
DsFlashSwap:getPriceRatio
function:ct
(collateral token) andra
(redemption asset) tokens in the pool and calculates their ratio.The redemption asset (
RA
) can beDAI
,USDT
,ETH
, or any other token, and its reserves can be easily manipulated using flash loans. Consequently, a malicious user could artificially inflate or deflate the ratio, leading to the unintended minting of more tokens by manipulating the price ratio.Impact
The vulnerability allows an attacker to manipulate the price ratio between tokens by temporarily altering the reserves with a flash loan, leading to incorrect pricing and potentially resulting in significant financial loss or the creation of excessive tokens.
Code Snippet
Tools Used
Recommendation
To mitigate this vulnerability, consider implementing a time-weighted average price (TWAP) for the token pair pricing or using a decentralized oracle that is resistant to manipulation by flash loans.