search

sherlock-audit / 2023-07-perennial-judging

2 stars 1 forks source link

WATCHPUG - `claimAssets` should not increase `Checkpoint.count` #149

Closed sherlock-admin closed 1 year ago

sherlock-admin commented 1 year ago

WATCHPUG

medium

claimAssets should not increase Checkpoint.count

Summary

Vulnerability Detail

Beacuse a user who claimAssets will not split the settlementFee with the other users who deposit and redeem.

Impact

Code Snippet

https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial-vault/contracts/Vault.sol#L238-L279

https://github.com/sherlock-audit/2023-07-perennial/blob/main/perennial-v2/packages/perennial-vault/contracts/types/Checkpoint.sol#L62-L69

Tool used

Manual Review

Recommendation

CheckpointLib.update() should only increase the count when deposit or redemption > 0.

sherlock-admin commented 1 year ago

1 comment(s) were left on this issue during the judging contest.

141345 commented:

l