Trading._checkDelay is not sufficient to prevent profiting when there are multiple valid prices for an asset #200
Labels:
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
downgraded by judge: Judge downgraded the risk level of this issue
duplicate-108
satisfactory: satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/Trading.sol#L857-L868
Vulnerability details
Impact
A user can profit whenever there are multiple valid prices for an asset at the same time.
Proof of Concept
Trading#_checkDelay is used "to prevent profitable opening and closing in the same tx with two different prices in the 'valid signature pool'". Unfortunately it does not actually prevent this. The check delays closing a position after it was opened, but it does nothing to stop a user from opening two opposing positions against two different valid prices in the same block. To exploit this, the user opens a long at the lower valid price and a short at the higher valid price. Once the delay has passed, the user closes both for a guaranteed profit equal to the spread between the two prices, whatever the price is at that time.
Example:
ETH/USD has two valid signed prices, one at 990 and the other at 1010. The user simultaneously opens a 1 ETH short at the 1010 price and a 1 ETH long at the 990 price. Assume that after the block delay the price is 1005. The long can now be closed for a $15 gain and the short for a $5 gain, $20 in total. The total is the same for any closing price P, since (P - 990) + (1010 - P) = 20, so the position carries no market risk.
Tools Used
Manual Review
Recommended Mitigation Steps
Never allow more than one valid price for an asset at any given time.
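The following is an added model of the arbitrage from the Proof of Concept and of the mitigation above; it is example code written for this write-up, not code from the Tigris contracts. The position bookkeeping, the `MultiPricePool` / `SinglePricePool` classes and the `validity` window are assumptions made to show the economics; Trading.sol's signature checks, fees, funding and leverage are ignored.

```python
"""Model of the two-valid-price arbitrage and of a "one valid price per
asset" feed. Added illustration only; none of this is Tigris code.
The classes, the validity window and the linear, fee-free PnL are
assumptions made for the example."""
from dataclasses import dataclass


@dataclass
class Position:
    asset: str
    size: float        # units of the asset (1.0 == 1 ETH in the example)
    is_long: bool
    open_price: float

    def pnl(self, close_price: float) -> float:
        """Linear PnL of one leg with no fees (assumption)."""
        move = close_price - self.open_price
        return self.size * (move if self.is_long else -move)


def arbitrage_pnl(low_price: float, high_price: float,
                  close_price: float, size: float = 1.0) -> tuple[float, float]:
    """Open a long at the lower valid price and a short at the higher one,
    then close both at `close_price` after the delay.
    Returns (long_pnl, short_pnl)."""
    long_leg = Position("ETH/USD", size, True, low_price)
    short_leg = Position("ETH/USD", size, False, high_price)
    return long_leg.pnl(close_price), short_leg.pnl(close_price)


def guaranteed_profit(low_price: float, high_price: float,
                      size: float = 1.0) -> float:
    """(P - low) + (high - P) == high - low: the close price cancels out,
    so the attacker's profit is exactly the spread between the two prices."""
    return size * (high_price - low_price)


class MultiPricePool:
    """Vulnerable model (assumed): every signed price published within
    `validity` seconds of `now` is accepted, so several prices can be valid
    at once and the trader picks whichever suits each leg."""

    def __init__(self, validity: int) -> None:
        self.validity = validity
        self.prices: dict[str, list[tuple[int, float]]] = {}

    def publish(self, asset: str, ts: int, price: float) -> None:
        self.prices.setdefault(asset, []).append((ts, price))

    def valid_prices(self, asset: str, now: int) -> list[float]:
        return [p for ts, p in self.prices.get(asset, [])
                if 0 <= now - ts <= self.validity]

    def exploitable_spread(self, asset: str, now: int) -> float:
        """Largest risk-free profit per unit available right now."""
        valid = self.valid_prices(asset, now)
        return max(valid) - min(valid) if len(valid) > 1 else 0.0


class SinglePricePool(MultiPricePool):
    """Mitigated model (assumed design): a newly published price replaces
    the previous one, so at most one price is ever valid for an asset."""

    def publish(self, asset: str, ts: int, price: float) -> None:
        self.prices[asset] = [(ts, price)]


if __name__ == "__main__":
    # Constructed inputs matching the write-up's example.
    print(arbitrage_pnl(990, 1010, 1005))          # (15.0, 5.0)
    for close in (900, 990, 1005, 1010, 1100):
        assert sum(arbitrage_pnl(990, 1010, close)) == guaranteed_profit(990, 1010)
    vuln, fixed = MultiPricePool(validity=10), SinglePricePool(validity=10)
    for pool in (vuln, fixed):
        pool.publish("ETH/USD", ts=100, price=990)
        pool.publish("ETH/USD", ts=101, price=1010)
    print(vuln.exploitable_spread("ETH/USD", now=105))   # 20.0
    print(fixed.exploitable_spread("ETH/USD", now=105))  # 0.0
```

The loop over closing prices is the point of the finding: the combined PnL never depends on where the market goes, only on the distance between the two prices the trader was allowed to choose from, so any positive spread in the valid pool is free money once the delay expires.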