Lines of code
https://github.com/code-423n4/2024-01-init-capital-invitational/blob/main/contracts/hook/MarginTradingHook.sol#L288-L291
Vulnerability details
Proof of Concept
When a user wants to decrease a position, they provide the _repayShares param. To fully close the position, they provide the position's entire debt shares. There is a check that the debt shares amount provided by the user may not be bigger than the position's debt shares. Note that, unlike in other parts of the protocol, there is no ability to provide a bigger value to be sure that the position will be closed.
As anyone can repay on behalf of a position, an attacker has the ability to block full closing of positions by repaying a small amount of debt shares, which makes the check inside _reducePosInternal revert. This can be bad for a victim, as they can lose funds because of this DoS.
Impact
Full decrease can be blocked.
Tools Used
VsCode
Recommended Mitigation Steps
As is done in other parts of the protocol, if _param.repayShares is bigger than the position's debt shares, then repay the position's debt shares.
Assessed type
Error
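The check described in the proof of concept and the recommended cap, modelled in Python as an added example (this is not the protocol's Solidity code). The Position class, its method names and the share amounts are constructed for illustration.

```python
"""Constructed model of debt-share accounting; not the protocol's contracts."""


class Revert(Exception):
    """Stands in for an EVM revert."""


class Position:
    def __init__(self, debt_shares: int):
        self.debt_shares = debt_shares

    def repay(self, shares: int) -> None:
        # Repayment on behalf of the position: callable by anyone.
        if shares > self.debt_shares:
            raise Revert("repay exceeds debt")
        self.debt_shares -= shares

    def reduce_strict(self, repay_shares: int) -> int:
        # Check as the report describes it: the requested shares may not be
        # bigger than the position's current debt shares.
        if repay_shares > self.debt_shares:
            raise Revert("repayShares > debtShares")
        self.debt_shares -= repay_shares
        return repay_shares

    def reduce_capped(self, repay_shares: int) -> int:
        # Recommended mitigation: cap the request at the current debt.
        repaid = min(repay_shares, self.debt_shares)
        self.debt_shares -= repaid
        return repaid


def close_after_third_party_repay(reduce_name: str, debt: int = 1_000, dust: int = 1):
    """Owner reads `debt`, then a third-party repay of `dust` executes first."""
    pos = Position(debt)
    requested = pos.debt_shares      # value fixed in the owner's transaction
    pos.repay(dust)                  # executes before the owner's transaction
    try:
        repaid = getattr(pos, reduce_name)(requested)
        return ("closed" if pos.debt_shares == 0 else "open", repaid)
    except Revert as exc:
        return ("reverted", str(exc))
```

With the strict check the owner's stale share count makes the full close revert; with the cap the same request closes the position and repays only what is still owed.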