code423n4 / 2022-06-nibbl-findings, issue 226
Jun 24, 2022

TWAV can be attacked by flash loan


Lines of code

Vulnerability details

Impact

The TWAV fed by _updateTWAV can be manipulated with flash loans. Because the observation window is only 4 blocks, an attacker who pays the flash-loan fee for 4 consecutive blocks fills the whole window with manipulated valuations and can then execute an attack against the manipulated _getTwav() price.

Proof of Concept

    // Records one observation in the ring buffer of TWAV_BLOCK_NUMBERS (= 4) entries.
    function _updateTWAV(uint256 _valuation, uint32 _blockTimestamp) internal {
        uint32 _timeElapsed; 
        unchecked {
            _timeElapsed = _blockTimestamp - lastBlockTimeStamp; // seconds since the previous observation
        }

        // cumulative valuation of the previous observation (the slot before the current index)
        uint256 _prevCumulativeValuation = twavObservations[((twavObservationsIndex + TWAV_BLOCK_NUMBERS) - 1) % TWAV_BLOCK_NUMBERS].cumulativeValuation;
        // the valuation at the time of this call is weighted by the whole elapsed interval
        twavObservations[twavObservationsIndex] = TwavObservation(_blockTimestamp, _prevCumulativeValuation + (_valuation * _timeElapsed)); //add the previous observation to make it cumulative
        twavObservationsIndex = (twavObservationsIndex + 1) % TWAV_BLOCK_NUMBERS; // advance the ring index
        lastBlockTimeStamp = _blockTimestamp;
    }

The relevant line is the one that writes the observation: twavObservations[twavObservationsIndex] = TwavObservation(_blockTimestamp, _prevCumulativeValuation + (_valuation * _timeElapsed)); //add the previous observation to make it cumulative

Follow this process:

  1. The attacker takes a flash loan and drives _valuation far above its fair level.
  2. _updateTWAV records twavObservations[0] with that inflated _valuation, so twavObservations[0] is inflated too.
  3. The attacker dumps back and repays the flash loan plus its fee. In this part,
  4. Repeating this for 4 blocks fills twavObservations[0], twavObservations[1], twavObservations[2] and twavObservations[3] with inflated values.
  5. With every observation inflated, _getTwav() returns the manipulated valuation, and the attacker can proceed with any flash-loan attack that relies on it.

Cost required to attack

[image: cost calculation, not reproduced]

With a TWAP window of 4 blocks, the attacker needs to flash-loan at most about 1000M USD in each of the 4 blocks to move the WETH price in the 0.3%-fee Uniswap v3 pool up by 90%.

Flash-loaning and swapping cost around 0.2% in fees, so the attacker loses about 2M USD per block, or 8M USD over the 4 blocks.

The profit from the attack may exceed this (for example, against a large pool such as WETH/USDC).

For a lower-liquidity pair, the cost is far less than this.

Tools Used

Manual review and some calculation.

Recommended Mitigation Steps

The TWAV should span more than 4 blocks. Every additional block the attacker has to keep the price manipulated costs another round of flash-loan and swap fees, so a longer window raises the cost until even a well-funded attacker runs out of capital before the attack succeeds.

Some calculation research here: <https://blog.euler.finance/uniswap-oracle-attack-simulator-42d18adf65af>
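To make the window argument concrete, the following Python simulation is added here; it is not the Nibbl project's code. Twav.update mirrors the _updateTWAV arithmetic quoted above, while Twav.read is an assumption about how _getTwav() averages the ring (newest cumulative valuation minus the oldest, divided by the time between them), since that function is not shown in this finding. The fair and pumped valuations, the 12-second block time and the 0.2% fee rate are constructed inputs. It replays the pump/record/dump sequence from the proof of concept against a 4-observation window and a 32-observation one, and prices each with the fee model from the cost section.

```python
"""Ring-buffer TWAV oracle under a multi-block flash-loan manipulation.

Added example, not the Nibbl project's code. `Twav.update` mirrors the
_updateTWAV logic quoted in the finding; `Twav.read` is an ASSUMPTION about
how _getTwav averages the ring (newest cumulative minus oldest, divided by
the elapsed time between them), since that function is not shown.
All prices, block times and fee rates below are constructed inputs.
"""
from dataclasses import dataclass
from typing import List, Optional

BLOCK_TIME = 12  # seconds between consecutive blocks (constructed)


@dataclass
class TwavObservation:
    timestamp: int
    cumulative_valuation: int


class Twav:
    """Ring buffer of `window` observations, like twavObservations[TWAV_BLOCK_NUMBERS]."""

    def __init__(self, window: int, start_ts: int):
        self.window = window
        self.obs: List[TwavObservation] = [TwavObservation(0, 0) for _ in range(window)]
        self.index = 0
        self.last_ts = start_ts

    def update(self, valuation: int, ts: int) -> None:
        # Same arithmetic as _updateTWAV: the valuation *at the time of the call*
        # is weighted by the whole interval since the previous update, so a price
        # that exists only for one transaction in this block counts for the entire
        # interval. That is what lets the attacker pump, record and dump per block.
        elapsed = ts - self.last_ts
        prev = self.obs[(self.index + self.window - 1) % self.window].cumulative_valuation
        self.obs[self.index] = TwavObservation(ts, prev + valuation * elapsed)
        self.index = (self.index + 1) % self.window
        self.last_ts = ts

    def read(self) -> Optional[int]:
        # Assumed read-out: average over the full ring (oldest -> newest observation).
        if self.obs[self.window - 1].timestamp == 0:
            return None  # ring not yet filled
        newest = self.obs[(self.index + self.window - 1) % self.window]
        oldest = self.obs[self.index]
        return (newest.cumulative_valuation - oldest.cumulative_valuation) // (
            newest.timestamp - oldest.timestamp
        )


def simulate_attack(window: int, fair: int, pumped: int, attack_blocks: int,
                    honest_blocks: int = 64) -> int:
    """TWAV read right after `attack_blocks` consecutive blocks in which the attacker
    flash-loans, pumps the valuation to `pumped`, triggers an update and dumps back."""
    twav = Twav(window, start_ts=0)
    ts = 0
    for _ in range(honest_blocks):      # normal activity at the fair valuation
        ts += BLOCK_TIME
        twav.update(fair, ts)
    for _ in range(attack_blocks):      # one pump-record-dump cycle per block
        ts += BLOCK_TIME
        twav.update(pumped, ts)
    result = twav.read()
    assert result is not None
    return result


def attack_cost_usd(loan_usd: float, fee_rate: float, blocks: int) -> float:
    """Fees paid to repeat the flash-loan-and-swap cycle for `blocks` blocks
    (the finding's model: ~0.2% of the borrowed amount per block)."""
    return loan_usd * fee_rate * blocks


if __name__ == "__main__":
    FAIR, PUMPED = 1_000, 1_900  # +90%, the move the finding prices at ~1000M USD
    print("window=4,  4 attack blocks ->", simulate_attack(4, FAIR, PUMPED, 4))
    print("window=32, 4 attack blocks ->", simulate_attack(32, FAIR, PUMPED, 4))
    print("cost to fill 4-block window  :", attack_cost_usd(1_000e6, 0.002, 4))
    print("cost to fill 32-block window :", attack_cost_usd(1_000e6, 0.002, 32))
```

With the 4-entry ring, four manipulated blocks make the read-out equal the pumped valuation exactly, which is the situation the proof of concept describes. With a 32-entry ring the same four blocks move the read-out by only about 11.6%, and filling that window would cost 32 rounds of fees (64M USD under the finding's numbers) instead of 4 (8M USD), which is the cost argument behind the mitigation.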



👎 2: GalloDaSballo and mundhrakeshav reacted with thumbs down
