shaka - Ubiquity Dollar is pegged to 3CRV instead of USD

[sherlock-admin]

shaka

high

Ubiquity Dollar is pegged to 3CRV instead of USD

Summary

The stability of the Ubiquity Dollar is tracked in terms of its price in 3CRV, not in USD. So in the event of 3CRV depegging from USD, the stabilization mechanism will not work as intended.

Vulnerability Detail

The mintDollar and redeemDollar functions in the UbiquityPoolFacet contract are meant to be called on Ubiquity Dollar depeg events in order to recover the peg to the USD.

The mint function checks that the Ubiquity Dollar price is over the mintPriceThreshold and the redeem function checks that the Ubiquity Dollar price is under the redeemPriceThreshold.

The issue is that the price returned by getDollarPriceUsd() is the price of the Ubiquity Dollar in 3CRV, not the price of the Ubiquity Dollar in USD, so the mint and redeem functions can only be called when the price of the Ubiquity Dollar depegs from 3CRV.

This will lead to issues in several scenarios. Let's explore some of them:

• 3CRV depegs from USD, but the Ubiquity Dollar maintains its peg to 3CRV. In this case, the mint and redeem functions will not be callable, even though the Ubiquity Dollar is not pegged to USD.
• 3CRV depegs from USD, and the Ubiquity Dollar depegs from 3CRV in the opposite direction. For example, 3CRV is worth 0.95 USD, and Ubiquity Dollar is worth 1.02 3CRV (so 0.969 USD). In this case, the mint function will be callable instead of the redeem function, that would be the desired.

Impact

The stabilization mechanism of the price via minting and redeeming will not work as intended, and the Ubiquity Dollar will not be able to recover its peg to USD in depeg events.

Code Snippet

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibTWAPOracle.sol#L104-L122

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L346-L349

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L418-L421

Tool used

Manual Review

Recommendation

Use Chainlink price feeds to get the price of the 3CRV token in USD, as explained in the this article and with that value calculate the price of the Ubiquity Dollar in USD.

Duplicate of #59

[sherlock-admin2]

2 comment(s) were left on this issue during the judging contest.

0xLogos commented:

Peg is mantained by collateral pricing in mint/redeem, twap only used only for preventing unnecessary mint/redeem. Also twap is aproximate by nature and intended to prevent manipulation, not peg

auditsea commented:

Defining Ubiquitiy Dollar price based on LP price is protocol decision and seems fine

[sherlock-admin2]

2 comment(s) were left on this issue during the judging contest.

0xLogos commented:

Peg is mantained by collateral pricing in mint/redeem, twap only used only for preventing unnecessary mint/redeem. Also twap is aproximate by nature and intended to prevent manipulation, not peg

auditsea commented:

Defining Ubiquitiy Dollar price based on LP price is protocol decision and seems fine