Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A design flaw in the case of using 2 oracles (aka PegOracle) #283

Open
code423n4 opened this issue Sep 19, 2022 · 2 comments
Open

A design flaw in the case of using 2 oracles (aka PegOracle) #283

code423n4 opened this issue Sep 19, 2022 · 2 comments
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working old-submission-method selected for report This submission will be included/highlighted in the audit report sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue

Comments

@code423n4
Copy link
Contributor

Lines of code

https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/oracles/PegOracle.sol#L67-L71

Vulnerability details

Impact

A design flaw in the case of using 2 oracles (aka PegOracle)

Proof of Concept

Chainlink provides price feeds denominated either in ETH or USD. But some assets don't have canonical value accessed on-chain. An example would be BTC and it's many on-chain forms like renBTC, hitBTC, WBTC, aBTC etc... For example in the case of a market on renBTC depegging from BTC value, probably a pair like renBTC/WBTC would be used (leveraging PegOracle). But even if renBTC perfectly maintains it's value to BTC, the depeg event can be triggered when WBTC significantly depreciates or appreciates against BTC value. This depeg event will be theoretically unsound since renBTC behaved as expected. The flaw comes from PegOracle because it treats both assets symmetrically.

This is also true for ETH pairs like stETH/aETH etc.. or stablecoin pairs like FRAX/MIM etc..
Of course, it should never be used like this because Chainlink provides price feeds with respect to true ETH and USD values but we have found that test files include PegOracle for stablecoin pairs...

Tools Used

Manual

Recommended Mitigation Steps

Support markets only for assets that have access to an oracle with price against canonical value x/ETH or x/USD.
@code423n4 code423n4 added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working old-submission-method labels Sep 19, 2022
code423n4 added a commit that referenced this issue Sep 19, 2022
@code423n4
PwnPatrol issue #283
e8505c4
@MiguelBits MiguelBits mentioned this issue Sep 21, 2022
Closed
@MiguelBits MiguelBits added the duplicate This issue or pull request already exists label Sep 23, 2022
@0xnexusflip 0xnexusflip added resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") labels Sep 28, 2022
@0xnexusflip 0xnexusflip removed resolved Finding has been patched by sponsor (sponsor pls link to PR containing fix) sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity") labels Sep 29, 2022
@MiguelBits MiguelBits added sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue and removed duplicate This issue or pull request already exists labels Oct 3, 2022
@HickupHH3
Copy link
Collaborator

HickupHH3 commented Oct 18, 2022
edited
Loading

From what I understand, the warden is arguing that if the underlying asset is itself a pegged asset, then it wouldn't be a very good measure against the "canonical price".

Eg. MIM (pegged) -> USDC (underlying), and USDC de-pegs, even though MIM is close to $1, the protocol would recognise this as a de-peg event.

I agree with the issue, but disagree with the severity. The choice of the underlying token is quite obviously important; I think the sponsor can attest to this.

@3xHarry thoughts? Perhaps low severity is more appropriate because it isn't a technical vulnerability per-se, more of the choice of underlying to be used.

@HickupHH3 HickupHH3 reopened this Oct 18, 2022
@HickupHH3 HickupHH3 mentioned this issue Oct 18, 2022
Open
@HickupHH3
Copy link
Collaborator

Keeping high severity even though there are a couple of prerequisites:

  • the protocol uses a poor underlying token (Eg. USDT that has de-pegged to $0.97 before)
  • underlying token de-pegs substantially to inaccurately trigger (or not trigger) a de-peg event

I classify this as indirect loss of assets from a valid attack path that does not have hand-wavy hypotheticals

3 — High: Assets can be stolen/lost/compromised directly (or indirectly if there is a valid attack path that does not have hand-wavy hypotheticals).

@HickupHH3 HickupHH3 added the selected for report This submission will be included/highlighted in the audit report label Oct 18, 2022
@Jeiwan Jeiwan mentioned this issue Oct 27, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working old-submission-method selected for report This submission will be included/highlighted in the audit report sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@MiguelBits @code423n4 @HickupHH3 @0xnexusflip