Upgraded Q -> M from #336 [1668467652322] #508
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
duplicate-430
satisfactory
satisfies C4 submission criteria; eligible for awards
Judge has assessed an item in Issue #336 as M risk. The relevant finding follows:
[L-1]: Volatility accumulator can be be prevented from decaying by way of dust transactions
There is no required minimum swap amount for updating the volatility accumulated. The _fp.time is always updated during a swap.
src/libraries/FeeHelper.sol-69- }
src/libraries/FeeHelper.sol-70- }
src/libraries/FeeHelper.sol-71-
src/libraries/FeeHelper.sol:72: _fp.time = (block.timestamp).safe40(); /// @Audit LOW: This can be updated with dust txs.
src/libraries/FeeHelper.sol-73-
src/libraries/FeeHelper.sol-74- updateVolatilityAccumulated(_fp, _activeId);
src/libraries/FeeHelper.sol-75- }
By making dust transactions within the filter period interval, one can keep the volatility accumulator from decaying. This can be used to manipulate the volatility fees. This can be a profitable attack after the active bin moves by few hundred bins, hence _activeId.absSub(_fp.indexRef) is high enough when updating the volatility fee.
Consider requiring a minimum amount when updating the _fp.time.
The text was updated successfully, but these errors were encountered: