Closed sherlock-admin2 closed 5 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid: high(2)
Yes, this is in our opinion a valid issue and a better explanation IMO when compared to #43 .
@rashtrakoff This seems like a duplicate of #195 albeit a different impact, do you agree?
@nevillehuang I agree with that statement. Cc @itsermin @D-Ig
shaka
medium
DoS for functions with invariant modifiers
Summary
There are some edge cases where the margin deposited total and stable collateral total are not adjusted to their real values to avoid a negative value. These adjustments will cause an imbalance in the collateral net balance that will revert the transaction when the function called uses the
orderInvariantChecks
orliquidationInvariantChecks
modifiers.Vulnerability Detail
In
FlatcoinVault.settleFundingFees
the funding fees are calculated, added to the margin deposited total, and subtracted from the stable collateral total. However, when the funding fees are greater than the margin deposited total, this value is set to 0 to avoid negative margin deposited values.In the same way,
FlatcoinVault._updateStableCollateralTotal
adjusts the stable collateral total by adding or subtracting to it_stableCollateralAdjustment
, and when this value is negative and greater than the stable collateral total in absolute value,stableCollateralTotal
is set to 0.Given that these edge cases do not adjust the margin deposited total and stable collateral total to their real values, this creates an imbalance in the accounting of the calculation of the collateral net balance and thus, will revert when the function called uses the
orderInvariantChecks
orliquidationInvariantChecks
modifiers.Impact
The functions
LiquidationModule.liquidate
,LimitOrder.executeLimitOrder
, andDelayedOrder.executeOrder
will not be executable when the margin deposited total and stable collateral total are not adjusted to their real values, as theorderInvariantChecks
andliquidationInvariantChecks
modifiers will revert the transaction.Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/FlatcoinVault.sol#L230-L234
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/misc/InvariantChecks.sol#L89-L100
https://github.com/sherlock-audit/2023-12-flatmoney/blob/main/flatcoin-v1/src/misc/InvariantChecks.sol#L93-L100
Tool used
Manual Review
Recommendation
Consider removing the invariant modifiers or adapting to account for the edge cases.
Duplicate of #196