A compromised or malicious owner of PairsContrat can manipulate chainlinkFeed price #311
Labels
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
duplicate-377
satisfactory
satisfies C4 submission criteria; eligible for awards
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/PairsContract.sol#L33-L37
Vulnerability details
Impact
Detailed description of the impact of this finding.
A compromised or malicious owner of
PairsContract
can manipulatechainlinkFeed
priceProof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.
A compromised or malicious owner of
PairsContract
can manipulate chainlinkFeed price as follows:setAssetChainlinkFeed(uint256 _asset, address _MalicousFeed)
, now the_maliciousFeed
becomes the fake chainlinkFeed_maliciousFeed
and used in the advantage of the attacker to gain profit in tradingTools Used
Remix
Recommended Mitigation Steps
The owner should be not allowed to change the
chainlinkFeed
, all chainlinkFeeds should be defined as constants and explicit. Use proxy pattern to include new feeds when necessary.The text was updated successfully, but these errors were encountered: