sherlock-admin
commented
6 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid; high(2)
Closed sherlock-admin closed 6 months ago
sherlock-admin
commented
6 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid; high(2)
evmboi32
medium
Incorrect accounting of marginDepositedTotal
Summary
The
_globalPositions.marginDepositedTotalcould incorrectly be set to 0.Vulnerability Detail
Let's take a look at a
settleFundingFeesfunction. This function is used to settle the currently unrecorded funding fees and update the_globalPositions.marginDepositedTotal.In an edge case where funding fees haven't been settled for long, this can produce an incorrect state. First, we need to look at the
_accruedFundingTotalByLongsfunction. By looking at a function we can see that the result can be either positive or negative based on theunrecodedFunding.If the
unrecordedFunding < 0this means that shorts have to pay to the longs and ifunrecordedFunding > 0the longs have to pay to the shorts.When
unrecordedFunding < 0this means profit for the longs and the return value of the function is positive.Consider the following scenario:
_globalPositions.marginDepositedTotal=1 ether_fundingFees=1.1 ether(return value of_accruedFundingTotalByLongs)Since
_fundingFeesare positive it means they have to be added to themarginDepositedTotalas the fee for the longs. SincefundingFees > marginDepositedTotalthemarginDepositedTotalwill be incorrectly set to 0 instead of 2.1 ether. (refer to the first piece of code).Impact
marginDepositedTotalcould be accounted incorrectly.Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/FlatcoinVault.sol#L216-L237
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/libraries/PerpMath.sol#L219-L224
Tool used
Manual Review
Recommendation
Change the logic of the
settleFundingFeesas followsDuplicate of #195