sherlock-admin
commented
6 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid; high(2)
Closed sherlock-admin2 closed 6 months ago
sherlock-admin
commented
6 months ago 1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid; high(2)
KingNFT
medium
_globalPositions.marginDepositedTotalmight be set to a extreme big numberSummary
There is a invalid validation before updating
_globalPositions.marginDepositedTotal, it's value might be set to a extreme big number due to overflow. In this case, the protocol would be bricked.Vulnerability Detail
The issue arise on L232 of
FlatcoinVault.sol, the validation ofint256(_globalPositions.marginDepositedTotal) > _fundingFeesis invalid. let's say_globalPositions.marginDepositedTotal = 100and_fundingFees = -101, they meet the above validation, but thenuint256(int256(_globalPositions.marginDepositedTotal) + _fundingFees) = uint256(100 - 101) = uint256(-1) = type(uint256).max. Unintentional overflow occurs and_globalPositions.marginDepositedTotalis being set to a extreme big number.Impact
In this case, any subsequent operations for increasing net global margin would fail, which includes
openPosition,increasePositionMarginandupdateGlobalPositionPnL.Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/bba4f077a64f43fbd565f8983388d0e985cb85db/flatcoin-v1/src/FlatcoinVault.sol#L232
Tool used
Manual Review
Recommendation
Duplicate of #195