Protocol is served as zero-slippage liquidity pool for stable coins #483
Labels
3 (High Risk): Assets can be stolen/lost/compromised directly
bug: Something isn't working
duplicate-462
nullified: Issue is high quality, but not accepted
upgraded by judge: Original issue severity upgraded from QA/Gas by judge
Lines of code
https://github.com/code-423n4/2022-12-tigris/blob/588c84b7bb354d20cbca6034544c4faa46e6a80e/contracts/StableVault.sol#L27
Vulnerability details
Impact
Currently, the protocol allows swaps between stable coins such as USDT, DAI and tigUSD at a 1:1 rate at all times. In reality, the values of these tokens do not stay the same; even for USDT-USDC, USDC usually has a higher value than USDT.
Serving as a zero-slippage pool for stable coins will usually make depositors lose funds and leave the pool holding a single token. Everyone will deposit the low-value token and withdraw the high-value one. As a result, honest users who only deposit tokens to the Vault without being aware of this are usually the ones suffering the loss.
It also increases the chance of tigUSD depegging because, to be honest, it is a new token with the lowest trust among these stable coins, so most of the time the Vault will contain only tigUSD.
Proof of Concept
Consider the scenario:
There is a StableVault that supports both USDC and DAI. Assume 1 DAI = 0.998 USDC.
Tools Used
Manual Review
Recommended Mitigation Steps
Consider only allowing users to withdraw the exact token they deposited.
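The accounting behind the scenario and the recommended mitigation, as an added Python model that is not part of the original report and is not the project's Solidity code. It assumes a simplified vault (no fees, no decimals, non-transferable tigUSD); `VaultModel`, `run`, the user names and the amounts are constructed for illustration, and the price is the one assumed in the scenario.

```python
from fractions import Fraction

# Constructed prices in USDC, from the scenario above: 1 DAI = 0.998 USDC.
PRICE = {"USDC": Fraction(1), "DAI": Fraction(998, 1000)}

class VaultModel:
    """Simplified 1:1 vault: no fees, no decimals, tigUSD is not transferable."""

    def __init__(self, same_token_only=False):
        self.same_token_only = same_token_only
        self.reserves = {t: Fraction(0) for t in PRICE}
        self.tigusd = {}       # user -> tigUSD balance
        self.deposited = {}    # (user, token) -> amount still redeemable

    def deposit(self, user, token, amount):
        amount = Fraction(amount)
        self.reserves[token] += amount
        self.tigusd[user] = self.tigusd.get(user, 0) + amount  # minted 1:1
        key = (user, token)
        self.deposited[key] = self.deposited.get(key, 0) + amount

    def withdraw(self, user, token, amount):
        amount = Fraction(amount)
        key = (user, token)
        if self.same_token_only and self.deposited.get(key, 0) < amount:
            raise PermissionError("can only withdraw the token deposited")
        if self.tigusd.get(user, 0) < amount or self.reserves[token] < amount:
            raise ValueError("insufficient tigUSD or reserves")
        self.tigusd[user] -= amount                             # burned 1:1
        self.reserves[token] -= amount
        if self.same_token_only:
            self.deposited[key] -= amount

    def backing_value(self):
        """Market value (in USDC) of everything the vault holds."""
        return sum(self.reserves[t] * PRICE[t] for t in PRICE)

def run(same_token_only):
    vault = VaultModel(same_token_only)
    vault.deposit("alice", "USDC", 1000)   # depositor who stays in the vault
    vault.deposit("bob", "DAI", 1000)      # deposits the lower-valued token
    try:
        vault.withdraw("bob", "USDC", 1000)  # 1:1 exit into the other token
    except PermissionError:
        vault.withdraw("bob", "DAI", 1000)   # restricted vault: same token only
    # alice still holds 1000 tigUSD; compare it with what backs it
    return vault.tigusd["alice"], vault.backing_value(), vault.reserves

if __name__ == "__main__":
    for mode in (False, True):
        print("same_token_only =", mode, "->", run(mode))
```

With the 1:1 cross-token exit, the remaining 1000 tigUSD ends up backed only by DAI worth 998 USDC; with same-token withdrawals the backing stays at 1000 USDC.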