This repository has been archived by the owner on May 26, 2023. It is now read-only.
clems4ever - In some cases a hundred tokens is a too large value to use for pricing liquidity #159
Labels
Comments
|
Sponsor confirmed, duplicate of issue #46 however we also noted in our documentation that this value can change for different deployments "the HUNDRED_TOKENS can be swapped out to ensure the value of the swap remain around $100 or larger." from docs/DepositReceipts_USDC.md |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
clems4ever
medium
In some cases a hundred tokens is a too large value to use for pricing liquidity
Summary
In
DepositReceipt_ETH.solandDepositReceipt_USDC.solinpriceLiquidityl:87:In some cases a hundred tokens is a large value (example wBTC: equivalent to 1M$), and would cause critical functionality to revert due to checks in
priceLiquidityhttps://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Velo-Deposit-Tokens/contracts/DepositReceipt_USDC.sol#L75
https://github.com/sherlock-audit/2022-11-isomorph/blob/main/contracts/Velo-Deposit-Tokens/contracts/DepositReceipt_ETH.sol#L93
Vulnerability Detail
An attacker could provide liquidity to the pool and temporarily stabilize price to pass the checks. Then during normal market conditions his positions cannot be liquidated due to a revert in
priceLiquidity.Impact
The condition is too strict for some type of tokens, and may lead to some users not being able to be liquidated. Leading to bad debt for the protocol.
Code Snippet
Tool used
Manual Review
Recommendation
Adapt this
probingvalue to be a function of the price of the token itself.Duplicate of #46
The text was updated successfully, but these errors were encountered: