sherlock-admin
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
Closed sherlock-admin closed 8 months ago
sherlock-admin
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid
sherlock-admin
commented
8 months ago The protocol team fixed this issue in PR/commit https://github.com/dhedge/flatcoin-v1/pull/266.
jennifer37
medium
Need timely update stableCollateralTotal before checkSkewMax()
Summary
Need timely update stableCollateralTotal before checkSkewMax()
Vulnerability Detail
In function checkSkewMax(), skew's calculation is based on stableCollateralTotal. In function executeOpen(), we checkSkewMax() at first, and then update stableCollateralTotal, which means checkSkewMax() does not work as expected.
Impact
checkSkewMax() does not work as expected. Because stableCollateralTotal is out-dated.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/FlatcoinVault.sol#L296-L307
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LeverageModule.sol#L80-L140
Tool used
Manual Review
Recommendation
Update stableCollateralTotal at first, then check checkSkewMax()
Duplicate of #143