In the worst case, the settleFundingFees function may not set marginDepositedTotal correctly, causing all functionality to break.
Summary
In the worst case scenario where marginDepositedTotal is not enough for _fundingFees needed for longs to pay shorts, settleFundingFees() will return and all functionality of the protocol will be crashed.
Vulnerability Detail
There might be worst case scenario where marginDepositTotal is not enough for fundingFees.
The documentation states that in this case 'marginDepositTotal' will be set to 0.
However, calling this function will be reverted due to an invalid comparison in the implementation.
In fact, marginDepositTotal is of type uint256 and is greater than all available negative fundingFees(int256), so the condition is always satisfied and in the worst case it is reverted. (marginDepositTotal < -fundingFees).
Impact
Announcement and execution of all leverage and liquidity function will call initially settleFundingFees function , so all the functionality will be broken in the worst case.
petro1912
high
In the worst case, the
settleFundingFees
function may not setmarginDepositedTotal
correctly, causing all functionality to break.Summary
In the worst case scenario where
marginDepositedTotal
is not enough for_fundingFees
needed forlongs
to payshort
s,settleFundingFees()
will return and all functionality of the protocol will be crashed.Vulnerability Detail
There might be worst case scenario where marginDepositTotal is not enough for
fundingFees
. The documentation states that in this case 'marginDepositTotal' will be set to 0. However, calling this function will be reverted due to an invalid comparison in the implementation. In fact,marginDepositTotal
is of type uint256 and is greater than all available negativefundingFees
(int256), so the condition is always satisfied and in the worst case it is reverted. (marginDepositTotal < -fundingFees
).Impact
Announcement and execution of all leverage and liquidity function will call initially
settleFundingFees
function , so all the functionality will be broken in the worst case.Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/FlatcoinVault.sol#L232-L234
Tool used
Manual Review
Recommendation
Duplicate of #195