Lines of code
<https://github.com/code-423n4/2022-10-traderjoe/blob/79f25d48b907f9d0379dd803fc2abc9c5f57db93/src/libraries/Oracle.sol#L106-L125&gt;

Vulnerability details

Impact

Volatility, and by extension the fee rate increase due to volatility can be circumvented by starting swaps with a token amount. The volatility is accumulated only at specific intervals, similar to the cumulative number of bins crossed. This is an issue since if a tiny amount (10 wei) is swapped, the volatility added will be 0. Following the token transaction with a large trade will not update the volatility since it will only be updated after the twap time interval. So padding large trades with a small token swap in the beginning will keep the volatility and thus the fees low even if the actual swap drastically moves the price.
Since variable fee is one of the main focuses of this protocol, this is marked as high severity.

Proof of Concept

A sample test can be added to LBPair.swaps.t.sol:

// Create LP with 10e18 tokens of X and Y each
// Dust swap
token6D.mint(address(pair), 5);
pair.swap(true, DEV);
// Volatility = 0

// Actual tx, moving 5e18 tokens
token6D.mint(address(pair), 5e18);
pair.swap(true, DEV);
// Volatility still 0
// If the dust transaction is commented out, volatility here is 20000

Tools Used

Foundry

Recommended Mitigation Steps

Take the largest swap within a time period to update the volatility, instead of just taking the very first transaction in that timeframe.

The text was updated successfully, but these errors were encountered:

All reactions