You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
BondVault deposits match any deposited token amount with the BASE amount to provide liquidity, see Docs and DAO.handleTransferIn.
The matched BASE amount is the swap amount of the token trade in the pool.
An attacker can manipulate the pool and have the DAO commit BASE at bad prices which they then later buys back to receive a profit on BASE. This is essentially a sandwich attack abusing the fact that one can trigger the DAO to provide BASE liquidity at bad prices:
Manipulate the pool spot price by dripping a lot of BASE into it repeatedly (sending lots of smaller trades is less costly due to the path-independence of the continuous liquidity model). This increases the token per BASE price.
Repeatedly call DAO.bond(amount) to drip tokens into the DAO and get matched with BASE tokens to provide liquidity. (Again, sending lots of smaller trades is less costly.) As the pool contains low token but high BASE reserves, the spartaAllocation = _UTILS.calcSwapValueInBase(_token, _amount) swap value will be high. The contract sends even more BASE to the pool to provide this liquidity.
Unmanipulate the pool by sending back the tokens from 1. As a lot more BASE tokens are in the reserve now due to the DAO sending it, the attacker will receive more BASE as in 1. as well, making a profit
Impact
The DAO's Bond allocation can be stolen.
The cost of the attack is the trade fees in 1. + 3. as well as the tokens used in 2. to match the BASE, but the profit is a share on the BASE supplied to the pool by the DAO in 2.
Recommended Mitigation Steps
Track a TWAP spot price of the TOKEN <> BASE pair and check if the BASE incentive is within a range of the TWAP. This circumvents that the DAO commits BASE at bad prices.
The text was updated successfully, but these errors were encountered:
Implementing a TWAP needs more discussion and ideas to help with price manipulation.
Attacking BOND is limited by its allocation, time and the fact that it's locked over 6months.
Handle
cmichel
Vulnerability details
BondVault
deposits match any depositedtoken
amount with theBASE
amount to provide liquidity, see Docs andDAO.handleTransferIn
.The matched
BASE
amount is the swap amount of thetoken
trade in the pool.An attacker can manipulate the pool and have the
DAO
commitBASE
at bad prices which they then later buys back to receive a profit onBASE
. This is essentially a sandwich attack abusing the fact that one can trigger theDAO
to provideBASE
liquidity at bad prices:BASE
into it repeatedly (sending lots of smaller trades is less costly due to the path-independence of the continuous liquidity model). This increases thetoken
perBASE
price.DAO.bond(amount)
to driptokens
into theDAO
and get matched withBASE
tokens to provide liquidity. (Again, sending lots of smaller trades is less costly.) As the pool contains lowtoken
but highBASE
reserves, thespartaAllocation = _UTILS.calcSwapValueInBase(_token, _amount)
swap value will be high. The contract sends even more BASE to the pool to provide this liquidity.tokens
from 1. As a lot moreBASE
tokens are in the reserve now due to the DAO sending it, the attacker will receive moreBASE
as in 1. as well, making a profitImpact
The DAO's Bond allocation can be stolen.
The cost of the attack is the trade fees in 1. + 3. as well as the tokens used in 2. to match the
BASE
, but the profit is a share on theBASE
supplied to the pool by the DAO in 2.Recommended Mitigation Steps
Track a TWAP spot price of the
TOKEN <> BASE
pair and check if theBASE
incentive is within a range of the TWAP. This circumvents that theDAO
commitsBASE
at bad prices.The text was updated successfully, but these errors were encountered: