code-423n4 / 2023-08-dopex-findings

The utilization of strict equality within the subtractLoss function is susceptible to straightforward manipulation by a potential attacker. #2193

Closed code423n4 closed 12 months ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/eb4d4a201b3a75dd4bddc74a34e9c42c71d0d12f/contracts/perp-vault/PerpetualAtlanticVaultLP.sol#L199-L205

Vulnerability details

Impact

If this equality condition is intentionally disrupted, it will result in the failure of all settlement processes carried out using the settle function.

Proof of Concept

Tools Used

Manual review

Recommended Mitigation Steps

-      collateral.balanceOf(address(this)) == _totalCollateral - loss,
+      collateral.balanceOf(address(this)) >= _totalCollateral - loss,
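
Review bot: on the `+` line, the relaxed `>=` still makes the check depend on `collateral.balanceOf(address(this))`, a value that token transfers into the contract can raise independently of `_totalCollateral`. With `>=` a surplus no longer fails the comparison, but it also goes unrecorded, so the tracked `_totalCollateral - loss` and the real balance can stay apart indefinitely. Say in a comment next to the condition how surplus balance is meant to be treated, and consider whether the comparison against the live balance is needed at all if `_totalCollateral` is the accounting source. The hunk shows only the condition line, so check that the accompanying revert message still matches a lower-bound check rather than an equality.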

Assessed type

Invalid Validation

c4-pre-sort commented 12 months ago

bytes032 marked the issue as duplicate of #619

c4-pre-sort commented 12 months ago

bytes032 marked the issue as sufficient quality report

c4-judge commented 10 months ago

GalloDaSballo marked the issue as nullified

c4-judge commented 10 months ago

GalloDaSballo marked the issue as partial-25

GalloDaSballo commented 10 months ago

I think you could have spent the 10 seconds to write about how