Points system is flawed

Summary

Anyone can take advantage of the points system by creating an order and closing it directly.

Vulnerability Detail

Users are awarded points every time they create a new position or increase the additionalSize for their position granted that the points will be locked for a period of time see the code here, this system is flawed as a user can take advantage of this by creating a large position and then closing it, granted that the user will still have to wait for the tokens to finish their unlock vesting but the user is not penalized for closing the position consider the following:

UserA opens a position for 100e18 size UserA is awarded with x amount of point UserB opens a position for 100e18 size UserB is awarded with x amount of point UserB closes a position for 100e18 size

unlockTaxVest passes and UserA and UserB will have unlocked the same amount of points even with userA having his tokens in the protocol the entire time and UserB having done nothing for the protocol besides paying a fee that UserA will also have to pay.

Impact

Anyone can take advantage of the points system without benefiting the protocol.

Code Snippet


    function _unlock(uint256 amount) internal {
        uint256 unlockTax = getUnlockTax(msg.sender);
        uint256 lockedAmount = _lockedAmount[msg.sender];

        if (amount == type(uint256).max) amount = lockedAmount;

        if (lockedAmount == amount) unlockTime[msg.sender] = 0;

        _unlock(msg.sender, amount);

        if (unlockTax > 0) {
            uint256 treasuryAmount = amount._multiplyDecimal(unlockTax);
            _transfer(msg.sender, treasury, treasuryAmount);
        }
    }

Tool used

Manual Review

Recommendation

Consider keeping track of the points of the users based on time in the protocol within the unlockTaxVest time frame, or require that the users still has their tokens in the protocol when unlocking.

Duplicate of #187

sherlock-audit / 2023-12-flatmoney-judging

GoSlang - Points system is flawed #55