cmichel
The YAxisVotePower.balanceOf contract uses the Uniswap pool reserves to compute a _lpStakingYax reward:
```solidity
(uint256 _yaxReserves,,) = yaxisEthUniswapV2Pair.getReserves();
uint256 _lpStakingYax = _yaxReserves
    .mul(_stakeAmount)
    .div(_supply)
    .add(rewardsYaxisEth.earned(_voter));
```
The pool can be temporarily manipulated to increase the _yaxReserves amount.
If this voting power is used for governance proposals, an attacker can increase their voting power and pass a proposal.
One could build a TWAP-style contract that tracks a time-weighted-average reserve amount (instead of the price in traditional TWAPs).
This can then not be manipulated by flashloans.
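The suggested mitigation can be modelled off-chain. The Python sketch below is an added example, not code from the yAxis contracts or from the report; it compares the quoted spot-reserve formula with a time-weighted average reserve. `ReserveTwap`, `average_reserve`, `compare`, the 13-second block interval and the reserve series are all assumptions constructed for illustration, and the inflated reserve is pessimistically treated as being in effect for a full block.

```python
from dataclasses import dataclass

BLOCK_SECONDS = 13  # assumed block interval for the constructed data


@dataclass
class ReserveTwap:
    """Accumulates reserve * seconds, so short spikes carry little weight."""
    last_reserve: int    # reserve recorded at the last observation
    last_time: int       # timestamp of the last observation
    cumulative: int = 0  # running sum of reserve * seconds in effect

    def observe(self, reserve: int, now: int) -> None:
        # Weight the previously recorded reserve by the time it was in effect.
        self.cumulative += self.last_reserve * (now - self.last_time)
        self.last_reserve, self.last_time = reserve, now

    def snapshot(self) -> tuple:
        return self.cumulative, self.last_time


def average_reserve(start: tuple, end: tuple) -> int:
    """Average reserve between two (cumulative, timestamp) snapshots."""
    (c0, t0), (c1, t1) = start, end
    if t1 <= t0:
        raise ValueError("window must cover a positive time span")
    return (c1 - c0) // (t1 - t0)


def lp_staking_yax(yax_reserves: int, stake: int, supply: int, earned: int) -> int:
    # Same arithmetic as the balanceOf snippet quoted above.
    return yax_reserves * stake // supply + earned


def compare(stake: int = 10, supply: int = 1_000, earned: int = 0) -> dict:
    # Constructed series: 1,000,000 YAX in the pool, inflated to 50,000,000
    # for a single block (index 60), then back to normal.
    reserves = [1_000_000] * 100
    reserves[60] = 50_000_000
    twap = ReserveTwap(last_reserve=1_000_000, last_time=0)
    start = twap.snapshot()
    for i, reserve in enumerate(reserves, start=1):
        twap.observe(reserve, i * BLOCK_SECONDS)
    avg = average_reserve(start, twap.snapshot())
    return {
        "spot": lp_staking_yax(reserves[60], stake, supply, earned),
        "twap": lp_staking_yax(avg, stake, supply, earned),
        "baseline": lp_staking_yax(1_000_000, stake, supply, earned),
    }
```

Over the 100-block window the spot reading reports 50 times the baseline voting power, while the time-weighted reading moves by under 1.5 times; a longer window shrinks that residual further.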