sherlock-admin
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid: checked during the execute
Closed sherlock-admin closed 8 months ago
sherlock-admin
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid: checked during the execute
nevillehuang
commented
8 months ago Invalid, if both mentioned parameters are negative, there will be no instance that skew will increase, so max skew is not required to be checked since longSkewFraction will decrease, so check is not required.
jennifer37
medium
Missing skew check in announceLeverageAdjust
Summary
Missing skew check in announceLeverageAdjust
Vulnerability Detail
In current announceLeverageAdjust() implementation, when additionalSizeAdjustment is positive, we think it's possible to increase skew. So we need to add checkSkewMax(). We do not add checkSkewMax() check when additionalSizeAdjustment is negative.
However, it's possible to increase skew when additionalSizeAdjustment is negative. For example, if parameters 'marginAdjustment' and 'additionalSizeAdjustment' are both negative, it's possible to increase skew.
Impact
Missing checkSkewMax check. System's skew can exceed max skew.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L217-L311
Tool used
Manual Review
Recommendation
Add checkSkewMax() check even if additionalSizeAdjustment is negative.