
Oracle attacks

If an attacker gained control of the price oracle, they could have it return a low price, which is assigned to sharesPerPacket during a call to submitProducer(…):

sharesPerPacket = IOracleDispatch(oracleDispatch[vaultAsset][pool.asset]).getValueOfAsset(vaultAsset, pool.asset, true);

The depressed price would drive up the number of packets of vault shares for interest claiming.


producerPacket = getAmountPaymentAsset(pool.rate * pool.packetSize/PRECISION, sharesPerPacket, vaultAsset, vaultAsset);

producerOrder = Order(uint112(amount/ producerPacket), sharesPerPacket, msg.sender.fillLast12Bytes());

They would get matched with a higher amount of underlying vault principal for the same dollar amount of pool asset deposited, allowing them to earn excessive interest. As with the points in the section on centralization risk, this attack vector is best managed by 1) using a multisig to set the price oracle address and 2) using a reliable price oracle such as Chainlink.
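
As an added illustration of the second mitigation (this is not code from the report or from the audited protocol), the sketch below reads a Chainlink feed and reverts on a stale, non-positive, or out-of-bounds answer, so a depressed price is rejected before it could be used as sharesPerPacket. The contract name GuardedPriceReader and the parameters maxAge, minPrice and maxPrice are hypothetical; only latestRoundData() is Chainlink's real feed interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Chainlink's standard price feed interface (only the function used here).
interface AggregatorV3Interface {
    function latestRoundData() external view returns (
        uint80 roundId,
        int256 answer,
        uint256 startedAt,
        uint256 updatedAt,
        uint80 answeredInRound
    );
}

/// Hypothetical guard: reads one Chainlink feed and refuses values that are
/// stale, non-positive, or outside bounds fixed at deployment.
contract GuardedPriceReader {
    AggregatorV3Interface public immutable feed;
    uint256 public immutable maxAge;   // assumed staleness tolerance, in seconds
    uint256 public immutable minPrice; // assumed floor, in the feed's decimals
    uint256 public immutable maxPrice; // assumed ceiling, in the feed's decimals

    constructor(address feed_, uint256 maxAge_, uint256 minPrice_, uint256 maxPrice_) {
        require(feed_ != address(0), "feed is zero address");
        require(minPrice_ > 0 && minPrice_ < maxPrice_, "bad bounds");
        feed = AggregatorV3Interface(feed_);
        maxAge = maxAge_;
        minPrice = minPrice_;
        maxPrice = maxPrice_;
    }

    /// Returns the latest price, or reverts if it fails any sanity check.
    function getCheckedPrice() external view returns (uint256 price) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        require(answer > 0, "non-positive price");
        // A future updatedAt underflows and reverts under 0.8 checked arithmetic.
        require(updatedAt != 0 && block.timestamp - updatedAt <= maxAge, "stale price");
        price = uint256(answer);
        // The floor is the check that matters for the depressed-price case above.
        require(price >= minPrice && price <= maxPrice, "price out of bounds");
    }
}
```

Because the feed address and bounds are immutable, changing them means deploying a new reader and repointing the oracle address, which is the step the first mitigation places behind a multisig.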

Zellic © 2024