search

sherlock-audit / 2023-12-flatmoney-judging

11 stars 9 forks source link

qmdddd - Before executeAdjust, protocol should first transfer the fee to the vault #122

Closed sherlock-admin2 closed 8 months ago

sherlock-admin2 commented 8 months ago

qmdddd

medium

Before executeAdjust, protocol should first transfer the fee to the vault

Summary

Before executeAdjust, protocol should first transfer the fee to the vault

Vulnerability Detail

In function _executeLeverageAdjust, LeverageModule is going to executeAdjust. And In function executeAdjust, vault needs to send fees to keeper. 

// Sending keeper fee from order contract to the executor.
        vault.sendCollateral({to: _keeper, amount: _order.keeperFee});

However, in function _executeLeverageAdjust, fees is transfered to vault after the executeAdjust, which is incorrect.

Impact

executeAdjust may be DOSed as no enough fees.

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L598-L610

Tool used

Manual Review

Recommendation

Before executeAdjust, protocol should first transfer the fee to the vault.

Duplicate of #178

sherlock-admin commented 8 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid: medium(9)

sherlock-admin commented 8 months ago

The protocol team fixed this issue in PR/commit https://github.com/dhedge/flatcoin-v1/pull/272.