Oracle Uses Manipulable Curve Pool Function
Description
The oracle calculates the asset price with the Curve pool function get_p(), which can be manipulated via flashloan, potentially leading to incorrect calculations.
Examples
Insecure Code
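```solidity
interface ICurvePool { function get_p() external view returns (uint); }

contract Oracle {
    ICurvePool pool; // Curve pool queried for the price

    function getPrice() public view returns (uint) {
        // Insecure: get_p() can be manipulated via flashloan
        return pool.get_p();
    }
}
```
Secure Code
```solidity
interface IPriceOracle { function getPrice() external view returns (uint); }

contract Oracle {
    IPriceOracle securePriceOracle; // price source resistant to flashloan manipulation

    function getPrice() public view returns (uint) {
        return securePriceOracle.getPrice();
    }
}
```
Remediation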
Use a secure price oracle that is resistant to flashloan manipulation.
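One way to apply this remediation, as an added example that is not part of the original rule page or any project's code: return the pool's moving-average price and revert when the spot price from get_p() has drifted away from it. Assumptions: the pool exposes no-argument `get_p()` and `price_oracle()` getters (pools whose getters take a coin index need the index passed in), and `GuardedCurveOracle`, `maxDeviationBps` and `SpotDeviatesFromEma` are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed pool interface: no-argument getters, matching the get_p() call on this page.
interface ICurvePool {
    function get_p() external view returns (uint256);        // current spot price
    function price_oracle() external view returns (uint256); // moving-average (EMA) price
}

// Hypothetical consumer-side guard; not code from Curve or from the rule page.
contract GuardedCurveOracle {
    ICurvePool public immutable pool;
    uint256 public immutable maxDeviationBps; // allowed spot/EMA gap, e.g. 100 = 1%

    error SpotDeviatesFromEma(uint256 spot, uint256 ema);

    constructor(ICurvePool pool_, uint256 maxDeviationBps_) {
        require(address(pool_) != address(0), "pool=0");
        require(maxDeviationBps_ > 0 && maxDeviationBps_ < 10_000, "bad bps");
        pool = pool_;
        maxDeviationBps = maxDeviationBps_;
    }

    function getPrice() external view returns (uint256) {
        uint256 ema = pool.price_oracle();
        uint256 spot = pool.get_p();
        require(ema > 0, "ema=0");

        // Absolute gap between spot and EMA, compared in basis points of the EMA.
        uint256 diff = spot > ema ? spot - ema : ema - spot;
        if (diff * 10_000 > ema * maxDeviationBps) {
            // Spot has been pushed away from the average: refuse to price.
            revert SpotDeviatesFromEma(spot, ema);
        }

        // Never return the spot value itself; callers only see the averaged price.
        return ema;
    }
}
```

A moving average can still be shifted by price pressure sustained over several blocks, so this guard is typically paired with an independent price feed and conservative collateral limits.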
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0228 |
| Category | Crypto |
| Severity | HIGH |
| CWE | CWE-682 |
| Confidence | LOW |
| Impact | HIGH |
| Likelihood | LOW |
| Exploitability | MODERATE |
| Tags | oracle, flashloan, curve |
| OWASP | N/A |
References
- https://x.com/danielvf/status/1800556249924440211
- https://docs.curve.fi/stableswap-exchange/stableswap-ng/pools/oracles/?h=get_p#price-and-d-oracles
- https://slowmist.medium.com/analysis-of-the-uwu-lend-hack-9502b2c06dbe
- https://x.com/CyversAlerts/status/1800139071857316328
- https://defimon.xyz/attacker/mainnet/0x841ddf093f5188989fa1524e7b893de64b421f47