Closed github-actions[bot] closed 1 year ago
Ch_301

high

User could bypass the MaxLTV

Summary

Users can use this method with the different functions; we just use reducePosition() to explain it.

Vulnerability Detail

Alice opens a position with strategyId == ID01 and collToken == TokenA. The MaxLTV of TokenA in the strategy ID01 is 2.5X.

These are the critical values of Alice's position:
getPositionValue is: 20k USD
getDebtValue is: 20k USD
getUnderlyingValue is: 10k USD

Now, Alice invokes reducePosition() with strategyId == ID02. The MaxLTV of TokenA in the strategy ID02 is 3X.

So, the _validateMaxLTV() will do the check calculation with a different maxLTV, and this will lead to a wrong check.

Impact

The user will reduce his position more than he should.

Code Snippet

Tool used

Manual Review

Recommendation

You need to check strategy.vault with pod.collId.

Duplicate of #129
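
The scenario in the report, as an added Python model (not the audited contract's code and not part of the original issue). It assumes the check has the form debt <= underlying value x maxLTV, that reducePosition() withdraws collateral, and a constructed 3k USD withdrawal; binding by strategy id stands in for the recommended strategy.vault / pod.collId comparison.

```python
from dataclasses import dataclass, replace

DENOM = 10_000  # assumed fixed-point denominator for LTV multipliers

# maxLTV per strategy and collateral token; 2.5X and 3X are the report's values
MAX_LTV = {"ID01": {"TokenA": 25_000}, "ID02": {"TokenA": 30_000}}


@dataclass(frozen=True)
class Position:
    strategy_id: str      # strategy the position was opened with
    coll_token: str
    underlying_usd: int   # getUnderlyingValue in the report
    debt_usd: int         # getDebtValue in the report


class ExceedsMaxLTV(Exception):
    pass


class StrategyMismatch(Exception):
    pass


def validate_max_ltv(pos: Position, strategy_id: str) -> None:
    # Assumed check form: debt may not exceed underlying value * maxLTV.
    limit = pos.underlying_usd * MAX_LTV[strategy_id][pos.coll_token] // DENOM
    if pos.debt_usd > limit:
        raise ExceedsMaxLTV(f"debt {pos.debt_usd} > limit {limit}")


def reduce_position(pos: Position, strategy_id: str, withdraw_usd: int,
                    bind_strategy: bool) -> Position:
    # Hardened path: the caller-supplied strategy must be the position's own.
    if bind_strategy and strategy_id != pos.strategy_id:
        raise StrategyMismatch(strategy_id)
    after = replace(pos, underlying_usd=pos.underlying_usd - withdraw_usd)
    validate_max_ltv(after, strategy_id)  # limit comes from caller's strategy
    return after


def outcome(strategy_id: str, bind_strategy: bool, withdraw_usd: int = 3_000) -> str:
    alice = Position("ID01", "TokenA", underlying_usd=10_000, debt_usd=20_000)
    try:
        reduce_position(alice, strategy_id, withdraw_usd, bind_strategy)
        return "accepted"
    except ExceedsMaxLTV:
        return "rejected: exceeds maxLTV"
    except StrategyMismatch:
        return "rejected: strategy mismatch"
```

After the withdrawal the position sits at about 2.86X: over the 2.5X limit of ID01, under the 3X limit of ID02, so the unbound check accepts it only when the caller names ID02.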