Closed sherlock-admin2 closed 6 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
invalid: no division by zero
Escalate
Low, seems like acceptable risk because such a situation is really unlikely to happen (this basically means the flatcoin has no collateral backing it).
You've created a valid escalation!
I can't understand what that escalation is saying.
As long as netTotal calculated by L184 is greater than or equal to vault.stableCollateralTotal(), then _stableCollateralBalance is 0.
Imagine: if the price of the collateral rises sharply due to the occurrence of good news, then the long side's netTotal is likely to be greater than the short side's stableCollateralTotal. In this way, stableCollateralTotalAfterSettlement may return 0. This will cause a division by zero error.
This is essentially the known issue in the README:
Flatcoin can be net short and ETH goes up 5x in a short period of time, potentially leading to UNIT going to 0. The flatcoin holders should be mostly delta neutral, but they may be up to 20% short in certain market conditions (skewFractionMax parameter). The funding rate should balance this out, but theoretically, if ETH price increases by 5x in a short period of time whilst the flatcoin holders are 20% short, it's possible for flatcoin value to go to 0. This scenario is deemed to be extremely unlikely and the funding rate is able to move quickly enough to bring the flatcoin holders back to delta neutral.
Planning to accept the escalation and invalidate the report as it's describing a known issue/acceptable risk described in the README @securitygrid
Agree
Result: Invalid Has Duplicates
nobody2018
medium
StableModule.stableCollateralPerShare may return 0 in edge case
Summary
[DelayedOrder.announceStableDeposit](https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L67-L71) will [call StableModule.stableDepositQuote to calculate quotedAmount](https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L80-L81). If [StableModule.stableCollateralPerShare](https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/StableModule.sol#L208) returns 0, then tx will be revert due to a divide-by-zero error. Therefore, the short side cannot deposit collateral.
Vulnerability Detail
At L225, if `stableCollateralPerShare()` returns 0, a divide-by-zero error will occur. Under what circumstances will `stableCollateralTotalAfterSettlement(_maxAge)` return 0? As long as `netTotal` calculated by L184 is greater than or equal to `vault.stableCollateralTotal()`, then `_stableCollateralBalance` is 0.

[LeverageModule.fundingAdjustedLongPnLTotal](https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LeverageModule.sol#L397-L411) returns the total profit and loss of all the leverage positions (long side). A positive `netTotal` means the collateral price pumps, and vice versa. And `vault.stableCollateralTotal()` represents the funds of the short side.

Imagine: if the price of the collateral rises sharply due to the occurrence of good news, then the long side's `netTotal` is likely to be greater than the short side's `stableCollateralTotal`. In this way, `stableCollateralTotalAfterSettlement` may return 0. This will cause a division by zero error.

Because the price of collateral rises sharply, the sentiment of the short side will increase. However, the short side will be unable to deposit collateral via `DelayedOrder.announceStableDeposit`.

Impact
If the above situation occurs, the short side will not be able to deposit collateral due to a divide-by-zero error. This is obviously unfair to the short side.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L80-L81
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/StableModule.sol#L212-L214
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/StableModule.sol#L184-L196
Tool used
Manual Review
Recommendation
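As an added illustration (not part of nobody2018's report and not the Flatcoin contracts), the following Python model walks through the arithmetic the Vulnerability Detail section describes: the settlement floor at 0, the resulting per-share value of 0, and the deposit quote that divides by it. The function names follow the report; the 1e18 scaling, the empty-vault price of one collateral unit per share and the quote formula are assumptions approximating StableModule and DelayedOrder.

```python
# Added illustration, not the Flatcoin contracts: a Python model of the arithmetic the
# report describes. Function names follow the report; the 1e18 scaling, the empty-vault
# price of 1 collateral unit per share and the quote formula are assumptions.
WAD = 10**18  # fixed-point scale, assumed to match the contracts' 18-decimal math


class ZeroPerShare(Exception):
    """Raised by the guarded quote when a deposit would divide by zero."""


def stable_collateral_after_settlement(stable_collateral_total: int, net_total: int) -> int:
    """Short side's collateral once the long side's funding-adjusted PnL is settled.

    net_total > 0 means longs are in profit, paid out of the short side's pool.
    The pool cannot go negative, so it floors at 0: this is the edge case in the
    report (netTotal >= vault.stableCollateralTotal() gives _stableCollateralBalance 0).
    """
    if net_total >= stable_collateral_total:
        return 0
    return stable_collateral_total - net_total


def stable_collateral_per_share(stable_collateral_total: int, net_total: int,
                                total_supply: int) -> int:
    """Collateral backing one UNIT share, scaled by WAD (0 when the pool is empty)."""
    if total_supply == 0:
        return WAD  # assumption: a fresh vault prices one share at one collateral unit
    balance = stable_collateral_after_settlement(stable_collateral_total, net_total)
    return balance * WAD // total_supply


def stable_deposit_quote(deposit_amount: int, per_share: int) -> int:
    """Shares minted for deposit_amount; the divide that reverts when per_share == 0."""
    return deposit_amount * WAD // per_share  # Solidity: Panic(0x12); Python: ZeroDivisionError


def safe_deposit_quote(deposit_amount: int, stable_collateral_total: int,
                       net_total: int, total_supply: int) -> int:
    """Same quote with the pre-check a caller would want before hitting the divide."""
    per_share = stable_collateral_per_share(stable_collateral_total, net_total, total_supply)
    if per_share == 0:
        raise ZeroPerShare("long PnL has consumed all stable collateral; deposit would revert")
    return stable_deposit_quote(deposit_amount, per_share)


if __name__ == "__main__":
    # Constructed scenario: 1000 collateral units on the short side, 500 UNIT shares.
    for net_total in (0, 800, 1000, 1500):
        try:
            print(net_total, safe_deposit_quote(100, 1000, net_total, 500))
        except ZeroPerShare as exc:
            print(net_total, "blocked:", exc)
```

Once `net_total` reaches the short side's total, every deposit quote is blocked, which is the state the report describes for the short side.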