sherlock-audit / 2023-12-flatmoney-judging


jennifer37 - improper profitLoss in PerpMath::_profitLoss() #100

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 8 months ago

jennifer37

medium

improper profitLoss in PerpMath::_profitLoss()

Summary

improper profitLoss in PerpMath::_profitLoss()

Vulnerability Detail

In the function _profitLoss(), we process PnL. If profitLossTimesTen is positive, the PnL might be processed improperly.

In some special cases, Alice's actual low profitLossTimesTen can return a higher PnL, which is unexpected.

Impact

Actual low PnL could return higher PnL because of wrong math calculation.

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/libraries/PerpMath.sol#L175-L184

Tool used

Manual Review

Recommendation

We need to check whether profitLossTimesTen is positive or negative, and process the two cases differently according to its sign.

Duplicate of #286

sherlock-admin commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

karanctf commented:

negligible 5 wei as price is in eth with 18 dec https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/libraries/PerpMath.sol#L174