A vulnerability was identified where the CurveVolatileCollateral contract overrides _anyDepeggedInPool() to check if the distribution of capital is balanced. As illustrated, an attacker could exploit the system by utilizing a flash loan to deposit additional USDT into the pool, subsequently marking the CurveVolatileCollateral as IFFY, and leading to potential undesired consequences on the asset pool.
Mitigation
PR #896
In response to the identified vulnerability, the sponsor took a thorough cleanup step and avoided the issue entirely by deleting the CurveVolatileCollateral.sol file from the GitHub repository. Nevertheless, it is recommended to keep backup tracking of de-pegging events for other intended purposes, just in case.
Conclusion
The mitigation steps employed have successfully resolved the identified vulnerability concerning the flash loan attack on CurveVolatileCollateral, contributing to the overall security and integrity of the Reserve Protocol.
Lines of code
https://github.com/reserve-protocol/protocol/blob/9ee60f142f9f5c1fe8bc50eef915cf33124a534f/contracts/plugins/assets/curve/CurveVolatileCollateral.sol#L32-L65