Introduction
On January 27, Citadel.one suffered a financial loss of approximately USD 92.7k due to a price manipulation exploit affecting a core smart contract designed to handle redemptions. This report analyzes the technical details of the incident and proposes recommendations for future prevention.
Incident Details
The vulnerability resides in the “redeem()” function within the Redemption smart contract, which converts deposited WETH/USDC.E LP tokens back to underlying assets. This function relied on the “getAmountsOut()” function from the Camelot router contract to determine the redemption amount. The attacker manipulated the price of the WETH/USDC.E pool on Camelot, causing “getAmountsOut()” to overestimate the value of deposited LP tokens, resulting in an inflated redemption amount.
WETH/USDC.E pool manipulation transaction
Impact
- Citadel.one suffered a financial loss of approximately USD 92.7k.
- The incident raises concerns about the vulnerability of DeFi protocols to price manipulation exploits.
Technical Analysis
Redeem Function Reliance
The “redeem()” function’s dependence on an external pricing oracle (Camelot Pair) introduced a reliance on the integrity of the underlying data.
Price Manipulation Vulnerability
The attacker exploited flaws in the Camelot Pair contract or the external price feeds to manipulate the WETH/USDC.E pool price, affecting the “getAmountsOut()” calculation.
Lack of Additional Validation
The “redeem()” function lacked independent validation or upper limit checks on the redemption amount, allowing the manipulated value to be directly used for token disbursement.
Recommendations
Reduce Reliance on External Oracles
Consider implementing internal pricing mechanisms or utilizing multiple trusted oracles for redundancy and cross-validation.
Enhanced Price Manipulation Detection
Integrate mechanisms to detect and flag anomalous price fluctuations in underlying assets or oracles, such as Forta Protocol price monitoring bots.
Additional Validation Mechanisms
Implement upper limit checks or independent price verification to prevent inflated redemption amounts based on manipulated data.
Conclusion
The Citadel.one exploit highlights the importance of robust security measures and vigilant risk assessment in DeFi protocols. Implementing the recommended measures can help mitigate future price manipulation exploits and strengthen overall platform security.
About Olympix
Olympix is a pioneering DevSecOps tool that puts security in the hands of the developer by proactively securing code from day one.
Join our beta program to fortify your smart contracts and proactively shield them from exploits in the evolving Web3 security landscape.
Connect with us on:
Twitter | LinkedIn | Discord | Medium | Instagram | Telegram | Substack
