Using the depositing assets' oracle price at 100% of its value to mint tokens without a fee can be used for arbitrage.
Summary
Allowing the users to mint beanstalk tokens using the collateral assets, at 100% of their value based on the oracle price without a fee can easily be exploited by the arbitragers.
Vulnerability Details
The Oracle price can not be trusted as the real-time price.
For example, ETH/USD price feeds on miannet have a "Deviation threshold" of 0.5%, meaning that the price will only be updated once the price movement exceeds 0.5% within the heartbeat period.
Say if the previous price point for WETH is 1000 USD, the price will only be updated once the price goes up to more than 1005 USD or down to less than 995 USD.
Impact
When the market price of WETH is lower than the oracle price, it is possible to mint more tokens by using 1 WETH and selling it directly, causing the quality of the collateral for USSD to continuously decrease and the value to be leaked to the arbitragers.
Tools Used
Manual Review
Recommendations
Consider adding a minting fee of 0.5% to 1% (should be higher than the deviation).
Lead Judging Commences
Oracle deviation
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.