sherlock-admin
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid: high(2)
Closed sherlock-admin2 closed 8 months ago
sherlock-admin
commented
8 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid: high(2)
petro1912
high
In the worst case, the
settleFundingFeesfunction may not setmarginDepositedTotalcorrectly, causing all functionality to break.Summary
In the worst case scenario where
marginDepositedTotalis not enough for_fundingFeesneeded forlongsto payshorts,settleFundingFees()will return and all functionality of the protocol will be crashed.Vulnerability Detail
There might be worst case scenario where marginDepositTotal is not enough for
fundingFees. The documentation states that in this case 'marginDepositTotal' will be set to 0. However, calling this function will be reverted due to an invalid comparison in the implementation. In fact,marginDepositTotalis of type uint256 and is greater than all available negativefundingFees(int256), so the condition is always satisfied and in the worst case it is reverted. (marginDepositTotal < -fundingFees).Impact
Announcement and execution of all leverage and liquidity function will call initially
settleFundingFeesfunction , so all the functionality will be broken in the worst case.Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/FlatcoinVault.sol#L232-L234
Tool used
Manual Review
Recommendation
Duplicate of #195