GoGoPool contest - WatchDogs's results

Lines of code

https://github.com/code-423n4/2022-12-gogopool/blob/main/contracts/contract/tokens/upgradeable/ERC4626Upgradeable.sol#L148

Vulnerability details

Impact

Using the previewRedeem function of ERC4626Upgradeable, it is possible to manipulate the price. An attacker can increase or decrease the price to carry out various attacks against the protocol.

Proof of Concept

The preview methods return values that are as close as possible to exact as possible. For that reason, they are manipulable by altering the on-chain conditions and are not always safe to be used as price oracles. This specification includes convert methods that are allowed to be inexact and therefore can be implemented as robust price oracles. For example, it would be correct to implement the convert methods as using a time-weighted average price in converting between assets and shares.`

The previewRedeem function will call the convertToAssets function, in the convertToAssets the share is calculated on the basis of totalAsset and supply which can be increased or decreased within a single transaction by calling the deposit functions, This allows the attacker to inflate or deflate the price within a single transaction.

https://github.com/code-423n4/2022-12-gogopool/blob/main/contracts/contract/tokens/upgradeable/ERC4626Upgradeable.sol#L148

function previewRedeem(uint256 shares) public view virtual returns (uint256) {
		return convertToAssets(shares);
	}

https://github.com/code-423n4/2022-12-gogopool/blob/main/contracts/contract/tokens/upgradeable/ERC4626Upgradeable.sol#L126

	function convertToAssets(uint256 shares) public view virtual returns (uint256) {
		uint256 supply = totalSupply; // Saves an extra SLOAD if totalSupply is non-zero.

		return supply == 0 ? shares : shares.mulDivDown(totalAssets(), supply);
	}

Tools Used

Code inspection

Recommended Mitigation Steps

Price in ERC4626 vault should not be calculated using previewReedem function.