slot0 Reliance in swap Allows Price Manipulation #39

Closed
howlbot-integration bot opened this issue Nov 4, 2024 · 1 comment
Labels
  • 2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
  • bug: Something isn't working
  • duplicate-27
  • 🤖_03_group: AI based duplicate group recommendation
  • sufficient quality report: This report is of sufficient quality
  • unsatisfactory: does not satisfy C4 submission criteria; not eligible for awards

Comments

@howlbot-integration

Lines of code

https://github.com/ronin-chain/katana-v3-contracts/blob/03c80179e04f40d96f06c451ea494bb18f2a58fc/src/core/KatanaV3Pool.sol#L552

Vulnerability details

Summary

The KatanaV3Pool contract has a vulnerability that allows attackers to manipulate the price of tokens during swaps. This is because the contract uses the instantaneous price from slot0, which can be manipulated through MEV bots or flash loan attacks.

The bug lies in how it fetches and uses price data during a swap.

The contract stores critical pool state in a Slot0 struct:

struct Slot0 {
    // the current price
    uint160 sqrtPriceX96;
    // ... other pool state variables
}
Slot0 public override slot0;

The swap() function uses the sqrtPriceX96 from slot0 to calculate swap amounts and execute trades:

function swap(
    // ... function parameters
) external override returns (int256 amount0, int256 amount1) {
    // ...

    Slot0 memory slot0Start = slot0; // Fetching price from slot0

    // ... logic for performing the swap using sqrtPriceX96 from slot0Start
}

The problem is that slot0.sqrtPriceX96 reflects the current instantaneous price. This value can be manipulated by attackers using techniques like:

  • Miner Extractable Value (MEV) bots: These bots can analyze pending transactions, identify profitable arbitrage opportunities, and insert their own transactions to manipulate the price before the victim's transaction is included in a block.
  • Flash Loan Attacks: Attackers can take out a flash loan, use it to influence the token prices on the underlying DEX, and then execute a swap on KatanaV3Pool at the manipulated price, profiting from the artificial price difference.

Scenario

Imagine the fair price of token A is 10 tokens of B. An attacker might use a flash loan to briefly drive the price of token A up to 15 tokens of B on the underlying DEX. Because KatanaV3Pool uses the instantaneous slot0 price, the attacker could then swap a large amount of token B for token A at this inflated price. Once the attacker repays the flash loan, the price of token A returns to normal, leaving the attacker with a significant profit and the pool with a loss.

Impact

  • Financial Loss: The most direct impact is financial loss for users who interact with the swap() function. They may receive less of the desired token than expected due to the manipulated price.
  • Loss of Funds: In extreme cases, if the price manipulation is severe, the pool could lose significant value, potentially draining its liquidity.

Recommended Solution

To fix this vulnerability, the KatanaV3Pool contract should be modified to use a TWAP for price retrieval instead of relying on the instantaneous slot0 price. This would involve:

  • Storing Price History: The contract needs to store historical price data at regular intervals.
  • Calculating TWAP: Implement a function to calculate the TWAP over a defined period (e.g., the last hour) using the stored price history.
  • Using TWAP in swap(): Modify the swap() function to use the calculated TWAP instead of slot0.sqrtPriceX96 for price determination.

Assessed type

Oracle
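
The difference between an instantaneous price and a time-weighted average over stored history, as described in the Recommended Solution, shown as an added example that is not part of the original report and is not KatanaV3Pool code. The `PriceHistory` class, the timestamps and the 3-second spike are constructed; the prices 10 and 15 and the one-hour window are taken from the report.

```python
import math
from bisect import bisect_right


class PriceHistory:
    """Stores a running integral of ln(price) over time (constructed model)."""

    def __init__(self, start_time, start_price):
        self.times = [start_time]             # observation timestamps, seconds
        self.cumulative = [0.0]               # integral of ln(price) dt up to times[i]
        self.logs = [math.log(start_price)]   # ln(price) in effect from times[i] on

    def record(self, now, price):
        """Store a price change; changes inside one timestamp carry no weight."""
        if now < self.times[-1]:
            raise ValueError("timestamps must not go backwards")
        if now > self.times[-1]:
            elapsed = now - self.times[-1]
            self.cumulative.append(self.cumulative[-1] + self.logs[-1] * elapsed)
            self.times.append(now)
            self.logs.append(math.log(price))
        else:
            self.logs[-1] = math.log(price)   # same timestamp: overwrite

    def spot(self):
        """Instantaneous price, the analogue of reading slot0."""
        return math.exp(self.logs[-1])

    def _cumulative_at(self, t):
        i = bisect_right(self.times, t) - 1
        if i < 0:
            raise ValueError("window starts before the first stored observation")
        return self.cumulative[i] + self.logs[i] * (t - self.times[i])

    def twap(self, now, window):
        """Geometric time-weighted average price over [now - window, now]."""
        if window <= 0:
            raise ValueError("window must be positive")
        delta = self._cumulative_at(now) - self._cumulative_at(now - window)
        return math.exp(delta / window)


def demo():
    h = PriceHistory(0, 10.0)      # fair price from the Scenario: 1 A = 10 B
    h.record(3600, 15.0)           # constructed spike to 15 B
    spot_during = h.spot()
    h.record(3603, 10.0)           # price back to 10 B three seconds later
    return spot_during, h.twap(3603, 3600)
```

A reader that must not be moved by a short-lived spike compares the two values: the spot reading follows the spike in full, while the one-hour average moves only in proportion to how long the spike lasted.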

howlbot-integration bot added the 2 (Med Risk), 🤖_03_group, bug, duplicate-27 and sufficient quality report labels Nov 4, 2024
howlbot-integration bot added a commit that referenced this issue Nov 4, 2024
c4-judge added the unsatisfactory label Nov 11, 2024
@c4-judge

alex-ppg marked the issue as unsatisfactory:
Invalid
