This repository has been archived by the owner on Jan 7, 2024. It is now read-only.

p12473 - Stable assets should not be hardpegged to 1 #114

Closed
sherlock-admin opened this issue Jul 3, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

sherlock-admin commented Jul 3, 2023

p12473

high

Stable assets should not be hardpegged to 1

Summary

The oracle has a `stablePrice` mapping that maps an underlying asset to some stable price. Such practices are highly discouraged because while the likelihood of either stablecoin (which is arguably the least volatile asset) de-pegging is low, it is not zero.

Vulnerability Detail

There have been many instances of stablecoins losing their peg due to market conditions. For instance, with the recent market downturn in March 2023, Compound was 3 cents away from having all its USDT swapped out for USDC because they hardcoded the value of USDC to 1.

Impact

If the value of these assets deviates too much from their supposedly stable price, the entire protocol can be compromised. For instance, the spread may be validated wrongly, the liquidation info may be reported wrongly, and the PnL retrieved may be calculated wrongly.

Code Snippet

https://github.com/hubble-exchange/hubble-protocol/blob/d89714101dd3494b132a3e3f9fed9aca4e19aef6/contracts/Oracle.sol#L24-L36

Tool used

Manual Review

Recommendation

Remove the use of this mapping entirely.

Duplicate of #69

@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jul 10, 2023
@sherlock-admin2 sherlock-admin2 added the Reward A payout will be made for this issue label Jul 19, 2023
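
The lookup pattern the finding describes, next to a feed-only lookup, as an added example that is not part of the issue and is not Hubble's `Oracle.sol`. All contract and function names, the `MockFeed` stand-in, and the one-hour staleness bound are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added illustration with hypothetical names; not the audited Oracle.sol.
interface IFeed { // same shape as Chainlink's AggregatorV3Interface.latestRoundData
    function latestRoundData() external view
        returns (uint80, int256 answer, uint256, uint256 updatedAt, uint80);
}

// Constructed stand-in for a price feed so the sketch can be deployed locally.
contract MockFeed is IFeed {
    int256 public price;
    uint256 public updated;
    function set(int256 p) external { price = p; updated = block.timestamp; }
    function latestRoundData() external view override
        returns (uint80, int256, uint256, uint256, uint80) {
        return (0, price, updated, updated, 0);
    }
}

contract PriceLookupSketch {
    uint256 public constant MAX_AGE = 1 hours;      // assumed staleness bound
    mapping(address => int256) public stablePrice;  // hard-peg override
    mapping(address => IFeed) public feedOf;        // asset => feed

    // No access control: this is a local demonstration only.
    function configure(address asset, IFeed feed, int256 peg) external {
        feedOf[asset] = feed;
        stablePrice[asset] = peg;
    }

    // Pattern the finding describes: a non-zero override short-circuits the feed,
    // so a de-pegged asset is still reported at its pegged price.
    function priceHardPegged(address asset) external view returns (int256) {
        if (stablePrice[asset] != 0) return stablePrice[asset];
        return priceFromFeed(asset);
    }

    // With the mapping removed, stablecoins are read from the feed like any other asset.
    function priceFromFeed(address asset) public view returns (int256 answer) {
        IFeed feed = feedOf[asset];
        require(address(feed) != address(0), "no feed");
        uint256 updatedAt;
        (, answer, , updatedAt, ) = feed.latestRoundData();
        require(answer > 0, "bad price");
        require(block.timestamp - updatedAt <= MAX_AGE, "stale price");
    }
}
```

After `configure` with a non-zero peg, moving the mock feed's price with `set` changes what `priceFromFeed` returns but not what `priceHardPegged` returns, which is the divergence the Impact section is concerned with.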