Sensitivity to rapid price change #287
Labels
old-submission-method
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Lines of code
https://github.com/code-423n4/2022-09-y2k-finance/blob/main/src/Controller.sol#L96-L99
Vulnerability details
Impact
Sensitivity to rapid price change
Proof of Concept
It is actually not rare for some stablecoins like DAI, MIM, FEI, or even USDT to flash-depeg for a very short amount of time. Currently, the protocol doesn't protect RISK users from such brief events.
It would be better if a depeg event could be triggered only if the depeg happened for real. This would require some form of TWAPing.
Tools Used
Manual review
Recommended Mitigation Steps
We recommend protecting RISK users from flash-depegs by utilizing TWAPing or an oracle that supports TWAP price feeds.
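The following is an added example, not part of the original submission or the Y2K code base: an off-chain Python model comparing a depeg trigger that reads only the latest price with one that reads a time-weighted average. The function names, strike, window and price series are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    timestamp: int  # seconds
    price: float    # oracle price of the pegged asset

def twap(observations, window, now):
    """Time-weighted average over [now - window, now]; each price holds until the next update."""
    if window <= 0:
        raise ValueError("window must be positive")
    start = now - window
    obs = sorted(observations, key=lambda o: o.timestamp)
    if not obs or obs[0].timestamp > start:
        # Fail closed: without full history the average cannot be trusted.
        raise ValueError("history does not cover the window")
    weighted = 0.0
    for i, o in enumerate(obs):
        seg_start = max(o.timestamp, start)
        next_ts = obs[i + 1].timestamp if i + 1 < len(obs) else now
        seg_end = min(next_ts, now)
        if seg_end > seg_start:
            weighted += o.price * (seg_end - seg_start)
    return weighted / window

def spot_depeg(observations, strike, now):
    """Trigger on the latest price alone, with no smoothing."""
    latest = max((o for o in observations if o.timestamp <= now), key=lambda o: o.timestamp)
    return latest.price < strike

def twap_depeg(observations, strike, window, now):
    """Trigger only when the time-weighted average is below the strike."""
    return twap(observations, window, now) < strike

# Constructed sample data (not taken from the protocol): strike, window, price series.
STRIKE = 0.97
WINDOW = 3600
FLASH = [Observation(0, 1.00), Observation(7200, 0.90), Observation(7260, 1.00)]
SUSTAINED = [Observation(0, 1.00), Observation(7200, 0.90)]

if __name__ == "__main__":
    for name, series, now in [("flash", FLASH, 7230), ("sustained", SUSTAINED, 9000)]:
        print(name, "spot:", spot_depeg(series, STRIKE, now),
              "twap:", twap_depeg(series, STRIKE, WINDOW, now))
```

With these constructed numbers the averaged trigger ignores the 60-second dip, but it also fires on a genuine depeg only after 1080 seconds, which is the trade-off the window length sets.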