XO-settle function does not check if the pre variable is actually set
Summary
The settle function does not check if the pre variable is set, which could allow an attacker to create a malicious PrePosition that has a zero value for the taker and maker fields. If the attacker were able to do this, they could then call the settle function and cause the contract to revert.
The vulnerability in the settle function so the problem is that there is a line is that it does not check if the pre variable is actually set. so we have the The pre variable is a global variable that stores the current global pending-settlement position delta, and The settle function is called when the global position is settled to a new oracle version. so The settle function calls the settled function on the current global position, passing in the pre variable and the new oracle version and the settled function calculates the new global position after settlement. so If the pre variable is not set, then the settled function will throw an error. and The settle function does not check if the pre variable is set, so an attacker could create a malicious PrePosition that has a zero value for the taker and maker fields. If the attacker were able to do this, they could then call the settle function and cause the contract to revert.
Impact
An attacker could create a malicious PrePosition that has a zero value for the taker and maker fields. If the attacker were able to do this, they could then call the settle function and cause the contract to revert.
XDZIBEC
high
XO-
settle
function does not check if thepre
variable is actually setSummary
The
settle
function does not check if thepre
variable is set, which could allow an attacker to create a maliciousPrePosition
that has a zero value for the taker and maker fields. If the attacker were able to do this, they could then call the settle function and cause the contract to revert.Vulnerability Detail
pre
variable is actually set. so we have the Thepre
variable is a global variable that stores the current globalpending-settlement
positiondelta,
and Thesettle
function is called when the global position issettled
to a new oracle version. so Thesettle
function calls thesettled
function on the current global position, passing in thepre
variable and the new oracle version and thesettled
function calculates the new global position aftersettlement.
so If thepre
variable is notset,
then the settled function will throw an error. and Thesettle
function does not check if thepre
variable is set, so an attacker could create a maliciousPrePosition
that has a zero value for the taker and maker fields. If the attacker were able to do this, they could then call the settle function and cause the contract to revert.Impact
PrePosition
that has a zero value for the taker and maker fields. If the attacker were able to do this, they could then call thesettle
function and cause the contract to revert.Code Snippet
Tool used
Manual Review
Recommendation
require
statement to check if thepre.taker
andpre.maker
variables are both greater than0
.