This repository has been archived by the owner on Mar 3, 2024. It is now read-only.
xiaoming90 - Malicious or compromised admin of certain LSTs could manipulate the price #570
Labels: Has Duplicates (a valid issue with 1+ other issues describing the same vulnerability); Medium (a valid Medium severity issue); Reward (a payout will be made for this issue); Sponsor Confirmed (the sponsor acknowledged this issue is valid)
Malicious or compromised admin of certain LSTs could manipulate the price
Summary
Malicious or compromised admin of certain LSTs could manipulate the price of the LSTs.
Vulnerability Detail
Per the contest detail page, the protocol will hold and interact with the Swell ETH (swETH).
Upon inspection of the swETH on-chain contract, it was found that it is a Transparent Upgradeable Proxy. This means that the admin of Swell protocol could upgrade the contracts.
Tokemak relies on the swEth.swETHToETHRate() function to determine the price of the swETH LST within the protocol. Thus, a malicious or compromised admin of Swell could upgrade the contract to have the swETHToETHRate function return an extremely high value, manipulating the total values of the vaults. This would allow users to withdraw more assets than expected, draining the LMPVault.
Impact
Loss of assets in the scenario as described above.
Code Snippet
https://github.com/sherlock-audit/2023-06-tokemak/blob/main/v2-core-audit-2023-07-14/src/oracles/providers/SwEthEthOracle.sol#L26
Tool used
Manual Review
Recommendation
The protocol team should be aware of the above-mentioned risks and consider implementing additional controls to reduce the risks.
Review each of the supported LSTs and determine how much power the Liquid staking protocol team/admin has over its tokens.
For LSTs that are more centralized (e.g., Liquid staking protocol team could update the token contracts or have the ability to update the exchange rate/price to an arbitrary value without any limit), those LSTs should be subjected to additional controls or monitoring, such as implementing some form of circuit breakers if the price deviates beyond a reasonable percentage to reduce the negative impact to Tokemak if it happens.
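One way to implement the circuit breaker suggested above, written as an added example rather than Tokemak's or Swell's own code; the ISwEth interface shape, the 1e18 rate scaling, the guardian role and the 5% band are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Assumed minimal shape of the swETH rate getter (1e18-scaled ETH per swETH).
interface ISwEth {
    function swETHToETHRate() external view returns (uint256);
}

/// Hardened wrapper around an upgradeable LST rate source (added example).
/// It keeps a reviewed reference rate and reverts whenever the live reading
/// moves more than maxDeviationBps away from it, so a malicious upgrade that
/// makes swETHToETHRate() return an absurd value trips the consuming vault
/// instead of inflating its total value.
contract GuardedSwEthOracle {
    ISwEth public immutable swEth;
    uint256 public immutable maxDeviationBps; // e.g. 500 = 5% (assumed band)
    uint256 public referenceRate;             // last rate accepted by a human review
    address public guardian;                  // hypothetical role that can re-base the reference

    error RateDeviationTooLarge(uint256 observed, uint256 reference);

    constructor(ISwEth _swEth, uint256 _maxDeviationBps, address _guardian) {
        swEth = _swEth;
        maxDeviationBps = _maxDeviationBps;
        guardian = _guardian;
        referenceRate = _swEth.swETHToETHRate(); // seed from the rate reviewed at deployment
    }

    /// Returns the live rate only while it stays inside the allowed band.
    function getPriceInEth() external view returns (uint256) {
        uint256 observed = swEth.swETHToETHRate();
        if (!withinBand(observed, referenceRate)) {
            revert RateDeviationTooLarge(observed, referenceRate);
        }
        return observed;
    }

    /// |observed - reference| / reference <= maxDeviationBps / 10_000, in integer math.
    function withinBand(uint256 observed, uint256 reference) public view returns (bool) {
        uint256 diff = observed > reference ? observed - reference : reference - observed;
        return diff * 10_000 <= reference * maxDeviationBps;
    }

    /// After a legitimate, reviewed rate change the guardian moves the reference.
    function resetReference(uint256 newReference) external {
        require(msg.sender == guardian, "not guardian");
        referenceRate = newReference;
    }
}
```

Because getPriceInEth() reverts rather than returning a clamped value, any vault operation that depends on the rate halts until the guardian confirms the new rate, which is the behaviour wanted when the source itself may be compromised.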