code-423n4 / 2022-02-hubble-findings

QA Report #124

Open code423n4 opened 2 years ago

code423n4 commented 2 years ago

https://github.com/code-423n4/2022-02-hubble/blob/main/contracts/AMM.sol#L540

the comment:

            makerNotional = newNotional * makerPos / totalPos //<-------- This line
            if (side remains same)
            reducedOpenNotional = takerOpenNotional * makerPos / takerPos
            pnl = makerNotional - reducedOpenNotional

and the actual code was

        uint totalPosition = abs(makerPosition + takerPosition).toUint256();
        if (abs(takerPosition) > abs(makerPosition)) {  // taker position side remains same
            uint reducedOpenNotional = takerOpenNotional * abs(makerPosition).toUint256() / abs(takerPosition).toUint256();
            uint makerNotional = newNotional * abs(makerPosition).toUint256() / totalPosition; //<------- this line
            pnlToBeRealized = _getPnlToBeRealized(takerPosition, makerNotional, reducedOpenNotional);

the line

            uint makerNotional = newNotional * abs(makerPosition).toUint256() / totalPosition;

was intended to be executed outside of the if() body (not sure which one is correct, the comment or the code)

atvanguard commented 2 years ago

Minor inaccuracy in the comment, so severity = 0