UniswapV3 slot0 should not be used to get price as it can be manipulated. #4
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
edited-by-warden
🤖_05_group
AI based duplicate group recommendation
sufficient quality report
This report is of sufficient quality
Lines of code
https://github.com/code-423n4/2024-05-predy/blob/2fb1e0ec7a52fc06c2e9c8e561bccba84302e4bb/src/libraries/UniHelper.sol#L14
https://github.com/code-423n4/2024-05-predy/blob/2fb1e0ec7a52fc06c2e9c8e561bccba84302e4bb/src/PredyPool.sol#L346
Vulnerability details
Impact
UniswapV3 slot0 should not be used to get price as it can be manipulated
Vulnerability Details
The use of slot0 to obtain sqrtPrice is heavily discouraged because it is easy to manipulate: it represents the current (spot) price rather than a time-weighted price. An attacker can therefore use flash loans to shift slot0 by performing large swaps on Uniswap.
Proof of Concept
slot0 is used to obtain sqrtPrice as seen below.
UniHelper.sol#L14
PredyPool.sol#L346
References:
code-423n4/2024-04-panoptic-findings#537
Tools Used
Manual review
Recommended Mitigation Steps
The protocol should consider using the TWAP price.
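As an added illustration (not code from the Predy repository or from Uniswap), the following Python model of the Uniswap V3 tick accumulator shows why the slot0 spot price described above and a TWAP derived from observe() react so differently to a single large swap. The pool, timestamps and ticks are constructed values; the TWAP arithmetic mirrors OracleLibrary.consult.

```python
import math

Q96 = 2 ** 96  # Uniswap V3 fixed-point scale used by sqrtPriceX96

def sqrt_price_x96_from_tick(tick: int) -> int:
    """Float approximation of TickMath.getSqrtRatioAtTick: sqrt(1.0001 ** tick) * 2**96."""
    return int(math.sqrt(1.0001 ** tick) * Q96)

def price_from_sqrt_price_x96(sqrt_price_x96: int) -> float:
    """token1-per-token0 price encoded by a slot0-style sqrtPriceX96 value."""
    return (sqrt_price_x96 / Q96) ** 2

def arithmetic_mean_tick(cum_then: int, cum_now: int, seconds_ago: int) -> int:
    """Mean tick as in OracleLibrary.consult: (cumNow - cumThen) / secondsAgo, floored toward -inf."""
    return (cum_now - cum_then) // seconds_ago

class ToyPoolOracle:
    """Constructed model of a V3 pool: a slot0 tick plus the tickCumulative accumulator (tick * seconds)."""

    def __init__(self, start_time: int, start_tick: int):
        # Checkpoints of (timestamp, tickCumulative at that time, tick in effect afterwards).
        self.observations = [(start_time, 0, start_tick)]

    def swap_to_tick(self, now: int, new_tick: int) -> None:
        """A swap at `now` moves slot0.tick; the accumulator is checkpointed first, as Oracle.write does."""
        t, cum, tick = self.observations[-1]
        self.observations.append((now, cum + tick * (now - t), new_tick))

    def slot0_tick(self) -> int:
        return self.observations[-1][2]

    def tick_cumulative_at(self, target: int) -> int:
        """Like observeSingle: take the latest checkpoint at/before `target` and extend it at its tick."""
        t, cum, tick = [o for o in self.observations if o[0] <= target][-1]
        return cum + tick * (target - t)

    def twap_tick(self, now: int, seconds_ago: int) -> int:
        return arithmetic_mean_tick(self.tick_cumulative_at(now - seconds_ago),
                                    self.tick_cumulative_at(now), seconds_ago)

def manipulation_demo(window: int = 1800, held_seconds: int = 12):
    """Constructed scenario: the pool sits at tick 0 (price 1.0) for an hour, then one large swap pushes
    the tick to 6932 (about price 2.0). Returns (spot, TWAP in the swap block, TWAP one block later)."""
    pool = ToyPoolOracle(start_time=0, start_tick=0)
    t_swap = 3600
    pool.swap_to_tick(t_swap, 6932)
    def to_price(tick: int) -> float:
        return price_from_sqrt_price_x96(sqrt_price_x96_from_tick(tick))
    return (to_price(pool.slot0_tick()),                              # ~2.0: slot0 follows the swap at once
            to_price(pool.twap_tick(t_swap, window)),                 # 1.0: 30-min TWAP unchanged in that block
            to_price(pool.twap_tick(t_swap + held_seconds, window)))  # ~1.0046 even if held for a 12 s block
```

A real reader obtains tickCumulatives from IUniswapV3Pool.observe([secondsAgo, 0]) and converts the mean tick with TickMath.getSqrtRatioAtTick; the model keeps the same arithmetic so the spot-versus-TWAP gap can be seen directly.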
Assessed type
Uniswap