Algo Ssstablecoinsss

AI First Flight #2

Beginner FriendlyDeFi

EXP

View results

Previous Next

Submission Details

Impact: high

Likelihood: low

Invalid

[M-06] No Protection Against Flash Loan Price Manipulation Attacks

rensley

Root + Impact

Description

The protocol reads oracle prices and uses them immediately for collateral valuation and health factor calculations.
While Chainlink oracles are resistant to manipulation, the protocol doesn't implement any time-weighted average price (TWAP) or multi-block delay mechanism.
During extreme market conditions or if alternative oracles are used in forks, flash loan attacks could temporarily manipulate prices to mint excess DSC or avoid liquidation.

// Root cause in the codebase with @> marks to highlight the relevant section

@internal

@view

def _get_usd_value(token: address, amount: uint256) -> uint256:

price_feed: AggregatorV3Interface = AggregatorV3Interface(

self.token_address_to_price_feed[token]

)

# ...

@> # Price used immediately - no TWAP or delay

return (

(convert(price, uint256) * ADDITIONAL_FEED_PRECISION) * amount

) // PRECISION

Risk

Likelihood: Low

Reason 1 // Chainlink is manipulation-resistant
Reason 2 // But forks may use different oracles

Impact: High

Impact 1 // Flash loan could manipulate spot price
Impact 2 // Mint excess DSC at inflated collateral value
Impact 3 // Avoid liquidation by temporarily pumping price

Proof of Concept

The following outlines how a flash loan attack could exploit single-block price readings to manipulate collateral valuations. While Chainlink mitigates this, protocol forks using DEX oracles would be vulnerable.

def test_flash_loan_attack_vector():

# Theoretical attack (harder with Chainlink, easier with DEX oracles):

# 1. Flash loan large amount of ETH

# 2. Manipulate spot price upward

# 3. Deposit minimal collateral at inflated price

# 4. Mint maximum DSC

# 5. Price returns to normal

# 6. Repay flash loan

# Result: Attacker has DSC backed by insufficient collateral

pass

Recommended Mitigation

Consider implementing a minimum collateral time lock or using TWAP prices for critical operations. This adds a layer of protection against price manipulation, especially important for protocol forks that may use less secure oracle sources.

+ MIN_COLLATERAL_DELAY: constant(uint256) = 1 # At least 1 block

+ user_last_deposit_block: HashMap[address, uint256]

@internal

def _deposit_collateral(...):

# ...

+ self.user_last_deposit_block[msg.sender] = block.number

@internal

def _mint_dsc(amount_dsc_to_mint: uint256):

+ assert block.number > self.user_last_deposit_block[msg.sender], "DSCEngine__WaitOneBlock"

# ... rest of function

Updates

Lead Judging Commences

ai-first-flight-judge Lead Judge about 3 hours ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

This contest has a flat reward structure with the following payouts:

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being reviewed by our AI judge. Results will be available in a few minutes.

View all submissions

Rewards Distribution

The contest is complete and the rewards are being distributed.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!