sherlock-audit / 2023-05-perennial-judging

12 stars 9 forks source link

simon135 - when their are no positions in the que the protocol wont allow the taker to make position #214

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

simon135

medium

when their are no positions in the que the protocol wont allow the taker to make position

Summary

when there are no positions in the queue it will get back 1e18 which in some markets it will revert. So with users call this function when there are no ques will cause reverts which should not happen

Vulnerability Detail

Since the modifier maxUtilizationInvariant uses unsafeDiv on pre.taker and pre.maker so if they are both zero it will return 1e18 and it will revert causing some users who called the function to revert and maybe not be able to close their position their causing some loss and having to wait until the next oracle settlement.

Impact

gas loss/ time impact loss with settlements

Code Snippet

// utilization
//@audit since the function will return 1e18 when both are zero, it will revert  
        UFixed18 utilization = next.taker.unsafeDiv(next.maker) ;
        if (utilization.gt(UFixed18Lib.ONE.sub(utilizationBuffer()))) 
            revert ProductInsufficientLiquidityError(utilization);
    function unsafeDiv(UFixed18 a, UFixed18 b) internal pure returns (UFixed18) {
        if (isZero(b)) {
            return isZero(a) ? ONE : MAX;
        } else {
            return div(a, b);
        }

Tool used

Manual Review

Recommendation

all markets should have a mandatory buffer or if the result is 1e18 then make it zero and don't revert