Missing timestamp validation in collateral vault
Description
The withdraw operation of the collateral vault allows providing the following parameters in the solution:
    (@ args
      (
        withdraw_amount
        price_info
        liquidation_ratio
        current_timestamp
        statutes_cumulative_stability_df
        current_stability_df
      )
    )
While the other parameters are verified via the statutes announcements, the current_timestamp is not verified to be a valid value via ASSERT_BEFORE_SECONDS_ABSOLUTE and ASSERT_SECONDS_ABSOLUTE conditions.
Impact
An attacker could use an old timestamp, which would result in an incorrect (old) value of cumulative_stability_df. This cumulative stability discount factor is used to calculate the undiscounted principal and hence the minimum collateral required in the vault so that it stays above the liquidation threshold. While the old cumulative stability discount factor could only be used up until the timestamp of the price_info, manipulating the value could let users withdraw some amount from the vault even if the vault may be liquidatable.
Recommendations
We recommend verifying the validity of current_timestamp via ASSERT_BEFORE_SECONDS_ABSOLUTE and ASSERT_SECONDS_ABSOLUTE conditions.
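The flaw described above and the recommended fix, modelled in Python as an added example (not the vault's Chialisp and not Voltage's code): the puzzle side computes the minimum collateral from the discount factor and, in the fixed variant, emits the two time conditions; the node side checks them against the block timestamp. The per-second accrual model for current_stability_df, the 300-second TIMESTAMP_WINDOW, the single-number price_info and all scenario values are assumptions, and the price_info timestamp bound mentioned in the impact is not modelled.

```python
from dataclasses import dataclass

ASSERT_SECONDS_ABSOLUTE = 81         # Chia opcode; spend valid only if block time >= value
ASSERT_BEFORE_SECONDS_ABSOLUTE = 85  # Chia opcode; spend valid only if block time <  value
TIMESTAMP_WINDOW = 300  # assumed slack allowed between current_timestamp and inclusion

@dataclass
class WithdrawArgs:  # mirrors the solution parameters listed in the finding
    withdraw_amount: float
    price_info: float            # simplified to a single collateral price
    liquidation_ratio: float
    current_timestamp: int
    statutes_cumulative_stability_df: float
    current_stability_df: float  # assumed: per-second discount factor

def cumulative_df(a: WithdrawArgs, statutes_ts: int) -> float:
    # Assumed accrual model: compounds per second from the statutes announcement to
    # current_timestamp, so an older timestamp gives a larger (stale) factor.
    return a.statutes_cumulative_stability_df * a.current_stability_df ** (a.current_timestamp - statutes_ts)

def withdraw_conditions(a, collateral, principal, statutes_ts, fixed):
    """Conditions the vault puzzle emits, or None when the withdraw fails."""
    undiscounted = principal / cumulative_df(a, statutes_ts)
    if collateral - a.withdraw_amount < undiscounted * a.liquidation_ratio / a.price_info:
        return None  # remaining collateral would sit below the liquidation threshold
    if not fixed:  # vulnerable: current_timestamp is never pinned to chain time
        return []
    return [(ASSERT_SECONDS_ABSOLUTE, a.current_timestamp),
            (ASSERT_BEFORE_SECONDS_ABSOLUTE, a.current_timestamp + TIMESTAMP_WINDOW)]

def node_accepts(conds, block_ts: int) -> bool:
    # Full-node side: time assertions are checked against the block timestamp.
    return all(not (op == ASSERT_SECONDS_ABSOLUTE and block_ts < v) and
               not (op == ASSERT_BEFORE_SECONDS_ABSOLUTE and block_ts >= v)
               for op, v in conds)

def try_withdraw(a, collateral, principal, statutes_ts, block_ts, fixed):
    conds = withdraw_conditions(a, collateral, principal, statutes_ts, fixed)
    return conds is not None and node_accepts(conds, block_ts)

def scenario():
    # Constructed numbers: statutes announced at t0, spend included 30 days later.
    t0, now, coll, debt = 1_000_000, 1_000_000 + 30 * 86400, 2000.0, 1000.0
    base = dict(withdraw_amount=400.0, price_info=1.0, liquidation_ratio=1.5,
                statutes_cumulative_stability_df=1.0, current_stability_df=0.9999999)
    honest = WithdrawArgs(current_timestamp=now, **base)
    stale = WithdrawArgs(current_timestamp=t0, **base)  # reuses the announcement-time value
    return (try_withdraw(honest, coll, debt, t0, now, fixed=False),  # honest: rejected
            try_withdraw(stale, coll, debt, t0, now, fixed=False),   # stale, no fix: accepted
            try_withdraw(stale, coll, debt, t0, now, fixed=True))    # stale, fixed: rejected
```

With the honest timestamp the remaining 1600 units fall below the roughly 1944 required, so the puzzle fails; the stale timestamp lowers the requirement to 1500 and passes unless the emitted conditions make the node reject the spend.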
Remediation
This issue has been acknowledged by Voltage Technologies Ltd., and a fix was implemented in commit 4d420834.