This repository has been archived by the owner on Jul 14, 2024. It is now read-only.

shaka - The depegging of the collateral token from the USD could result in the Ubiquity Dollar token being undercollateralized #19

Closed
sherlock-admin opened this issue Jan 10, 2024 · 2 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label Medium A valid Medium severity issue Reward A payout will be made for this issue

Comments

@sherlock-admin

sherlock-admin commented Jan 10, 2024

shaka

high

The depegging of the collateral token from the USD could result in the Ubiquity Dollar token being undercollateralized

Summary

The depegging of the collateral token from the USD could result in the Ubiquity Dollar token being undercollateralized.

Vulnerability Detail

The amount of Ubiquity Dollar tokens minted or redeemed is based on the USD value of the collateral at the time of minting or redeeming.

This can easily result in the Ubiquity Dollar token being undercollateralized due to the price of the collateral tokens depegging from the USD.

Let's assume the following scenario, with no protocol fees for simplicity:

  • Alice mints 1,000 tokens with DAI as collateral. With the price of DAI at 1.01 USD at that moment, she deposits 990.09901 DAI (1,000 / 1.01).
  • The price of DAI stabilizes at 1.00 USD. Now we have 1,000 Ubiquity Dollar tokens backed by 990.09901 USD.
  • Alice tries to redeem her 1,000 Ubiquity Dollar tokens, but the transaction fails as the total collateral is worth less than 1,000 USD.

A similar problem could arise if the price of the collateral is 1 USD at the time of minting and below 1 USD at the time of redeeming.

To give a realistic example of how this could affect the protocol, let's get the price feed of LUSD/USD at roundId 18446744073709556509, that returns the answer 105421019. All the tokens minted with LUSD as collateral at that moment would have ended up being 5.42% undercollateralized once the price of LUSD stabilized at 1 USD.

Impact

The protocol could end up being undercollateralized, which could result in the loss of funds for the users.

Code Snippet

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L355

https://github.com/sherlock-audit/2023-12-ubiquity/blob/main/ubiquity-dollar/packages/contracts/src/dollar/libraries/LibUbiquityPool.sol#L435

Tool used

Manual Review

Recommendation

A possible solution would be checking that the price of the collateral token is within a certain range at the time of minting and redeeming. This could at least minimize the impact of high deviations from the USD price. Another safety measure could be limiting the amount of tokens minted or redeemed depending on the deviation of the price of the collateral token.

Duplicate of #17
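The Alice scenario and the recommended price-range check, modelled with integer arithmetic as an added example; this is not code from the issue or from the Ubiquity contracts. `Pool`, `band` and the band bounds are hypothetical, and the model assumes 8-decimal USD feed answers and 18-decimal token amounts.

```python
PRICE_PRECISION = 10**8  # assumed 8-decimal USD feed answers, e.g. 105421019
UNIT = 10**18            # assumed 18-decimal token amounts


class PriceOutOfBand(Exception):
    pass


class InsufficientCollateral(Exception):
    pass


class Pool:
    """Toy single-collateral pool; band=None models the unguarded behaviour."""

    def __init__(self, band=None):
        self.band = band  # hypothetical (min_price, max_price) in feed units
        self.collateral = 0
        self.supply = 0

    def _check(self, price):
        if self.band and not self.band[0] <= price <= self.band[1]:
            raise PriceOutOfBand(price)

    def mint(self, dollars, price):
        self._check(price)
        collateral_in = dollars * PRICE_PRECISION // price
        self.collateral += collateral_in
        self.supply += dollars
        return collateral_in

    def redeem(self, dollars, price):
        self._check(price)
        collateral_out = dollars * PRICE_PRECISION // price
        if collateral_out > self.collateral:
            raise InsufficientCollateral(collateral_out - self.collateral)
        self.collateral -= collateral_out
        self.supply -= dollars
        return collateral_out

    def shortfall(self, price):
        """USD value missing to back every minted token at `price`."""
        return max(0, self.supply - self.collateral * price // PRICE_PRECISION)


def alice_scenario(pool):
    """Mint 1,000 tokens at 1.01 USD, then try to redeem them at 1.00 USD."""
    try:
        pool.mint(1_000 * UNIT, 101_000_000)
        pool.redeem(1_000 * UNIT, 100_000_000)
        return "redeemed"
    except (PriceOutOfBand, InsufficientCollateral) as exc:
        return type(exc).__name__
```

With `band=None` the mint succeeds and the later redemption fails; with a band set, the mint at 1.01 USD is rejected before any unbacked supply exists.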

@github-actions github-actions bot added the Excluded Excluded by the judge without consulting the protocol or the senior label Jan 14, 2024
@sherlock-admin2

1 comment(s) were left on this issue during the judging contest.

auditsea commented:

The issue describes the protocol insolvency in case of collateral depeg. It's not avoidable, that's why the protocol has borrowing function to get yield, take fees on mint and redeem, these features will hedge the risk from protocol insolvency.

@github-actions github-actions bot added Medium A valid Medium severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label and removed Excluded Excluded by the judge without consulting the protocol or the senior labels Jan 16, 2024

@sherlock-admin sherlock-admin changed the title Dancing Vinyl Sawfish - The depegging of the collateral token from the USD could result in the Ubiquity Dollar token being undercollateralized shaka - The depegging of the collateral token from the USD could result in the Ubiquity Dollar token being undercollateralized Jan 24, 2024
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Jan 24, 2024
@Czar102 Czar102 removed the Medium A valid Medium severity issue label Feb 14, 2024
@sherlock-admin sherlock-admin added Non-Reward This issue will not receive a payout and removed Reward A payout will be made for this issue labels Feb 14, 2024
@Czar102 Czar102 added the Medium A valid Medium severity issue label Feb 19, 2024
@sherlock-admin sherlock-admin added Reward A payout will be made for this issue and removed Non-Reward This issue will not receive a payout labels Feb 19, 2024