This repository has been archived by the owner on Jul 14, 2024. It is now read-only.
shaka - Ubiquity Dollar is pegged to 3CRV instead of USD #15
Labels
Non-Reward
This issue will not receive a payout
shaka
high
Ubiquity Dollar is pegged to 3CRV instead of USD
Summary
The stability of the Ubiquity Dollar is tracked in terms of its price in 3CRV, not in USD. So in the event of 3CRV depegging from USD, the stabilization mechanism will not work as intended.
Vulnerability Detail
The mintDollar and redeemDollar functions in the UbiquityPoolFacet contract are meant to be called on Ubiquity Dollar depeg events in order to recover the peg to the USD.
The mint function checks that the Ubiquity Dollar price is over the mintPriceThreshold and the redeem function checks that the Ubiquity Dollar price is under the redeemPriceThreshold.
The issue is that the price returned by getDollarPriceUsd() is the price of the Ubiquity Dollar in 3CRV, not the price of the Ubiquity Dollar in USD, so the mint and redeem functions can only be called when the price of the Ubiquity Dollar depegs from 3CRV.
This will lead to issues in several scenarios. Let's explore some of them:
Impact
The stabilization mechanism of the price via minting and redeeming will not work as intended, and the Ubiquity Dollar will not be able to recover its peg to USD in depeg events.
Code Snippet
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibTWAPOracle.sol#L104-L122
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L346-L349
https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L418-L421
Tool used
Manual Review
Recommendation
Use Chainlink price feeds to get the price of the 3CRV token in USD, as explained in this article, and with that value calculate the price of the Ubiquity Dollar in USD.
Duplicate of #59
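The gating behaviour described in this report, worked through numerically as an added example (not code from the Ubiquity repository or from the report's author). The 6-decimal scale, the 1.01/0.99 thresholds, the prices and all function names are assumptions made for illustration.

```python
# Added illustration; thresholds, precision and prices are assumed values,
# not taken from the Ubiquity contracts.
PRECISION = 10**6                 # assumed fixed-point scale (6 decimals)
MINT_PRICE_THRESHOLD = 1_010_000  # assumed: mint allowed when price is over 1.01
REDEEM_PRICE_THRESHOLD = 990_000  # assumed: redeem allowed when price is under 0.99


def dollar_price_usd(dollar_in_3crv: int, crv3_in_usd: int) -> int:
    """Convert a Dollar/3CRV quote to Dollar/USD using a 3CRV/USD quote."""
    if dollar_in_3crv <= 0 or crv3_in_usd <= 0:
        raise ValueError("price inputs must be positive")
    return dollar_in_3crv * crv3_in_usd // PRECISION


def gates(price: int) -> dict:
    """Apply the mint/redeem threshold checks described in the report."""
    return {
        "mint": price > MINT_PRICE_THRESHOLD,
        "redeem": price < REDEEM_PRICE_THRESHOLD,
    }


def compare(dollar_in_3crv: int, crv3_in_usd: int) -> dict:
    """Gate decisions on the 3CRV-denominated price vs. after USD conversion."""
    usd = dollar_price_usd(dollar_in_3crv, crv3_in_usd)
    return {
        "price_usd": usd,
        "reported": gates(dollar_in_3crv),  # what the checks see today
        "usd_based": gates(usd),            # what they would see in USD terms
    }


# Constructed scenarios: (Dollar price in 3CRV, 3CRV price in USD)
SCENARIOS = {
    "3CRV at peg, Dollar at peg": (1_000_000, 1_000_000),
    "3CRV at 0.95 USD, Dollar tracks 3CRV": (1_000_000, 950_000),
    "3CRV at 0.95 USD, Dollar holds 1.00 USD": (1_052_632, 950_000),
}

if __name__ == "__main__":
    for name, (dollar, crv3) in SCENARIOS.items():
        print(name, compare(dollar, crv3))
```

In the second scenario the Dollar is worth 0.95 USD yet redeeming stays blocked; in the third the Dollar is at its USD peg yet minting is allowed.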