The calculation of feeAmount is incorrect in Perp._placePerpOrder
Summary
The calculation of feeAmount is incorrect in Perp._placePerpOrder. It uses the returned quoteAmount to calculate the fee paid in opening and closing positions. But the amount of the fee has already been removed from quoteAmount. Thus, the calculation based on quoteAmount is incorrect.
Vulnerability Detail
Perp._placePerpOrder calculates feeAmount based on quoteAmount.
// ClearingHouse: the internal function returns the fee alongside base and quote
function _openPositionFor(address trader, OpenPositionParams memory params)
    internal
    returns (
        uint256 base,
        uint256 quote,
        uint256 fee
    )
{
    …
    return (response.base, response.quote, response.fee);
}

// ClearingHouse: the external wrapper discards the returned fee
function openPosition(OpenPositionParams memory params)
    external
    override
    whenNotPaused
    nonReentrant
    checkDeadline(params.deadline)
    returns (uint256 base, uint256 quote)
{
    // openPosition() is already published, returned types remain the same (without fee)
    (base, quote, ) = _openPositionFor(_msgSender(), params);
    return (base, quote);
}
Impact
The wrong calculation of feeAmount causes an accounting error. It won’t immediately harm the protocol. But it could lead to a potential threat in the future.
GimelSec
medium
Vulnerability Detail
Perp._placePerpOrder calculates feeAmount based on quoteAmount.
But the fee has already been removed from quoteAmount:
https://github.com/perpetual-protocol/perp-curie-contract/blob/main/contracts/Exchange.sol#L534
ClearingHouse._openPositionFor returns the correct amount of fee. But ClearingHouse.openPosition ignores the returned fee:
https://github.com/perpetual-protocol/perp-curie-contract/blob/main/contracts/ClearingHouse.sol#L1009
Code Snippet
https://github.com/sherlock-audit/2023-01-uxd/blob/main/contracts/integrations/perp/PerpDepository.sol#L370
Tool used
Manual Review
Recommendation
Fix the calculation that is wrongly based on quoteAmount. Or simply use ClearingHouse.openPositionFor instead of ClearingHouse.openPosition. ClearingHouse.openPositionFor returns fee:
https://github.com/perpetual-protocol/perp-curie-contract/blob/main/contracts/ClearingHouse.sol#L396
Duplicate of #271
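A numeric model of the accounting error in this finding, added here as an illustration; it is not code from PerpDepository or ClearingHouse. Assumptions: the fee ratio is in parts per million, the fee is charged on the gross notional and subtracted from the returned quote, rounding is floor, and all function names and sample values are hypothetical.

```python
# Constructed model of "fee recomputed from a quote that is already net of fee".
FEE_DENOM = 1_000_000  # assumption: fee ratio expressed in parts per million


def swap(notional: int, fee_ratio: int) -> tuple:
    """Model exchange: charge the fee on the gross notional, return (net quote, fee)."""
    fee = notional * fee_ratio // FEE_DENOM
    return notional - fee, fee


def fee_from_quote_naive(quote: int, fee_ratio: int) -> int:
    """Pattern described in the finding: apply the ratio to the net quote."""
    return quote * fee_ratio // FEE_DENOM


def fee_from_quote_grossed_up(quote: int, fee_ratio: int) -> int:
    """Corrected recomputation: quote = gross * (1 - r), so fee = quote * r / (1 - r)."""
    return quote * fee_ratio // (FEE_DENOM - fee_ratio)


def accounting_drift(notionals, fee_ratio: int) -> tuple:
    """Return (charged - naive total, charged - grossed-up total) over all trades."""
    charged = naive = grossed = 0
    for notional in notionals:
        quote, fee = swap(notional, fee_ratio)
        charged += fee  # what the exchange actually took (the value openPosition drops)
        naive += fee_from_quote_naive(quote, fee_ratio)
        grossed += fee_from_quote_grossed_up(quote, fee_ratio)
    return charged - naive, charged - grossed


# Constructed sample trades (arbitrary quote units) at a 0.1% fee ratio.
SAMPLE_NOTIONALS = [1_000_000_000, 250_000_000, 40_000_000]
SAMPLE_FEE_RATIO = 1_000

if __name__ == "__main__":
    naive_gap, grossed_gap = accounting_drift(SAMPLE_NOTIONALS, SAMPLE_FEE_RATIO)
    print("under-recorded fee (naive):", naive_gap)
    print("under-recorded fee (grossed up):", grossed_gap)
```

In this model the naive method under-records the fee by the square of the ratio times the gross notional on every trade, so the gap grows with volume. Consuming the fee value that the exchange already returns avoids the recomputation and its rounding altogether.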