[ECO Bounty] Price Oracle/Routing Exploit in IOTX Swap

Description

A critical vulnerability has been identified in the OKX DEX Aggregator routing logic for the IOTX/ioUSDT pair. The system is miscalculating market depth, leading to an inverted price impact or an arbitrage loop that allows for significant "risk-free" profit due to incorrect oracle data or pool weighting.

The Exploit / Impact

  • Inverted Value Logic: The UI warns of a 25.18% loss, but the smart contract execution path is potentially pulling from a desynced liquidity pool where the exchange rate is significantly higher than the global market average.

  • Arbitrage Opportunity: Users can exploit the difference between the OKX Aggregator's quoted rate and the actual on-chain liquidity (e.g., on Mimo or Quicksilver) to execute swaps at a massive premium.

  • Protocol Risk: This suggests a "stale price" bug where the OKX DEX is not updating fast enough to reflect the actual token values following the recent IoTeX bridge events.

Technical Breakdown

  1. Faulty Aggregation: The aggregator is prioritizing a "broken" route that misrepresents the token value.

  2. Oracle Desync: The price feed for ioUSDT (IoTeX-bridged USDT) is likely disconnected from the 1:1 peg within the OKX interface, allowing swaps at "discounted" rates that don't exist in the real market.

  3. Execution: If the swap is confirmed despite the "loss" warning, the user receives an amount of tokens far exceeding the initial market value of the input.


Wallet Address: io1tkw393kejmxwnd454twc6020sxcyvh5dxqmren

Device & Environment:

- Operating system: Android 13

- Device model: Redmi Note 10 Pro
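The report above speculates that an aggregator may quote a rate derived from a stale or desynced reference price. A defensive check against that failure mode is to compare every quote's implied exchange rate against an independent reference price and reject quotes whose deviation exceeds a threshold, or whose reference data is too old. The following is an added illustration written from that defender's perspective; it is not code from the poster, from OKX, or from any IoTeX project, and the token symbols, reference prices, thresholds and the `Quote` structure are all constructed assumptions for the example.

```python
from dataclasses import dataclass

# Constructed sample reference prices in USD with the time they were observed.
# In a real system these would come from an independent price source, not from
# the pool being quoted.
REFERENCE_PRICES_USD = {
    "IOTX":   {"price": 0.05, "observed_at": 1_700_000_000},
    "ioUSDT": {"price": 1.00, "observed_at": 1_700_000_000},
}


@dataclass
class Quote:
    """A swap quote as an aggregator front-end might present it (assumed shape)."""
    token_in: str
    amount_in: float
    token_out: str
    amount_out: float


def implied_deviation(quote: Quote, reference: dict) -> float:
    """Fractional deviation of the quoted output from the reference-implied output.

    Negative means the user receives less than the reference rate implies
    (a loss); positive means more (the 'premium' the report describes).
    """
    ref_in = reference[quote.token_in]["price"]
    ref_out = reference[quote.token_out]["price"]
    expected_out = quote.amount_in * ref_in / ref_out
    return (quote.amount_out - expected_out) / expected_out


def reference_age(quote: Quote, reference: dict, now: int) -> int:
    """Age in seconds of the oldest reference price the quote depends on."""
    return max(now - reference[t]["observed_at"]
               for t in (quote.token_in, quote.token_out))


def check_quote(quote: Quote, reference: dict, now: int,
                max_deviation: float = 0.05, max_age: int = 300) -> tuple:
    """Return ('accept'|'reject', reason, deviation) for a quote.

    A quote is rejected when its reference data is stale (so any comparison
    would be meaningless) or when its rate diverges from the reference by more
    than max_deviation in either direction. Both thresholds are assumptions.
    """
    age = reference_age(quote, reference, now)
    dev = implied_deviation(quote, reference)
    if age > max_age:
        return ("reject", "stale_reference", dev)
    if abs(dev) > max_deviation:
        return ("reject", "rate_deviation", dev)
    return ("accept", "ok", dev)


if __name__ == "__main__":
    now = 1_700_000_060  # constructed: 60 s after the reference observation
    # Constructed quote mirroring the 25.18% loss mentioned in the report:
    # 1000 IOTX at $0.05 should yield ~50 ioUSDT; this quote offers 37.41.
    bad = Quote("IOTX", 1000.0, "ioUSDT", 37.41)
    good = Quote("IOTX", 1000.0, "ioUSDT", 50.5)
    print(check_quote(bad, REFERENCE_PRICES_USD, now))
    print(check_quote(good, REFERENCE_PRICES_USD, now))
```

The deviation check catches both directions of the problem the report describes: a quote far below the reference (the UI's warned loss) and a quote far above it (the premium a desynced pool would hand out). The staleness check covers the separate "stale price" hypothesis, since a comparison against an outdated reference is itself unreliable.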

Status: In Review

Board: New Issue

Date: 2 days ago

Author: cryptotestnet