Closed sherlock-admin2 closed 7 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid: the fee should be sent first; medium(9)
The protocol team fixed this issue in PR/commit https://github.com/dhedge/flatcoin-v1/pull/272.
shaka
medium
Users may not be able to adjust their leverage if there is not enough collateral in the vault
Summary
For leverage adjust execution, the keeper fee is sent to the vault after paying the keeper. This means that if there is not enough collateral available in the vault, the transaction will fail.
Vulnerability Detail
In the leverage adjust execution, when
marginAdjustment
is positive, the chain of events is as follows:DelayedOrder
contract there is a call toLeverageModule.executeAdjust
.DelayedOrder
to the vault.As we can see, the keeper fee is sent from the vault to the keeper before it is sent from the
DelayedOrder
contract to the vault. This means that if there is not enough collateral available in the vault, the transaction will fail.Impact
Users may not be able to adjust their leverage if there is not enough collateral in the vault.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L598-L602
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LeverageModule.sol#L235
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L606-L609
Tool used
Manual Review
Recommendation
Transfer the collateral from the
DelayedOrder
contract to the vault before callingLeverageModule
as it is done in_executeLeverageOpen
function.Duplicate of #178