Closed sherlock-admin closed 5 months ago
1 comment(s) were left on this issue during the judging contest.
takarez commented:
valid: the value should infact be subtracted during withdrawal; medium(7)
The protocol team fixed this issue in PR/commit https://github.com/dhedge/flatcoin-v1/pull/273.
Bony
high
In correct calculation logic of
FlatcoinVault.checkSkewMax
functionSummary
To calculate the
longSkewFraction
correctly, the_additionalSkew
amount should be substracted from thestableCollateralTotal
, not to be added to thesizeOpenedTotal
. And since the FlatcoinVault.checkSkewMax is used to check whether the skew is disabled or not, the skew check will be bypassed and the system will be too skewed towards the longVulnerability Detail
To calculate the
longSkewFraction
correctly, theadditonalSkew
should be substracted from thestableCollateralTotal
, not to be added to thesizeOpenedTotal
Impact
The system will be too skewed towards the long.
Code Snippet
https://github.com/sherlock-audit/2023-12-flatmoney/blob/bba4f077a64f43fbd565f8983388d0e985cb85db/flatcoin-v1/src/FlatcoinVault.sol#L296-L307
Tool used
Manual Review
Recommendation
Duplicate of #193