sherlock-audit / 2023-12-flatmoney-judging


shaka - Users may not be able to adjust their leverage if there is not enough collateral in the vault #220

Closed sherlock-admin2 closed 7 months ago

sherlock-admin2 commented 8 months ago

shaka

medium

Users may not be able to adjust their leverage if there is not enough collateral in the vault

Summary

For leverage adjust execution, the keeper fee is sent to the vault after paying the keeper. This means that if there is not enough collateral available in the vault, the transaction will fail.

Vulnerability Detail

In the leverage adjust execution, when marginAdjustment is positive, the chain of events is as follows:

As we can see, the keeper fee is sent from the vault to the keeper before it is sent from the DelayedOrder contract to the vault. This means that if there is not enough collateral available in the vault, the transaction will fail.

Impact

Users may not be able to adjust their leverage if there is not enough collateral in the vault.

Code Snippet

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L598-L602

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/LeverageModule.sol#L235

https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/DelayedOrder.sol#L606-L609

Tool used

Manual Review

Recommendation

Transfer the collateral from the DelayedOrder contract to the vault before calling LeverageModule, as is done in the _executeLeverageOpen function.

Duplicate of #178
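The transfer ordering described in this report, as an added example that is not part of the original issue or the Flatcoin code: a simplified Python model of the collateral balances that runs the reported order and the recommended order side by side. The account names, the amounts (margin adjustment 100, keeper fee 5) and the assumption that DelayedOrder holds both amounts until execution are constructed for illustration.

```python
class InsufficientBalance(Exception):
    """Stands in for the revert of an ERC-20 transfer."""

class Ledger:
    """Minimal collateral-token ledger (hypothetical model, not the project's code)."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        held = self.balances.get(src, 0)
        if held < amount:
            raise InsufficientBalance(f"{src} holds {held}, needs {amount}")
        self.balances[src] = held - amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

def execute_adjust(ledger, margin_adjustment, keeper_fee, fund_vault_first):
    """Run one leverage-adjust execution atomically; return True on success."""
    snapshot = dict(ledger.balances)          # a revert undoes every transfer in the tx
    deposit = margin_adjustment + keeper_fee  # assumed to sit in DelayedOrder until execution
    try:
        if fund_vault_first:
            # Recommended order: DelayedOrder -> vault, then vault -> keeper.
            ledger.transfer("delayed_order", "vault", deposit)
            ledger.transfer("vault", "keeper", keeper_fee)
        else:
            # Reported order: vault -> keeper, then DelayedOrder -> vault.
            ledger.transfer("vault", "keeper", keeper_fee)
            ledger.transfer("delayed_order", "vault", deposit)
        return True
    except InsufficientBalance:
        ledger.balances = snapshot
        return False

def demo(vault_balance):
    """Return {ordering: (succeeded, vault balance, keeper balance)} for constructed amounts."""
    results = {}
    for name, first in (("reported", False), ("recommended", True)):
        ledger = Ledger({"vault": vault_balance, "delayed_order": 105, "keeper": 0})
        ok = execute_adjust(ledger, 100, 5, fund_vault_first=first)
        results[name] = (ok, ledger.balances["vault"], ledger.balances["keeper"])
    return results

if __name__ == "__main__":
    for vault_balance in (0, 3, 50):
        print(vault_balance, demo(vault_balance))
```

Both orderings end with identical balances whenever the vault already holds at least the keeper fee, so the reported order only fails in the low-balance case.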

sherlock-admin commented 7 months ago

1 comment(s) were left on this issue during the judging contest.

takarez commented:

valid: the fee should be sent first; medium(9)

sherlock-admin commented 7 months ago

The protocol team fixed this issue in PR/commit https://github.com/dhedge/flatcoin-v1/pull/272.