The newAverageEntryPrice for averagePrice is calculating incorrectly.
Summary
See details.
Vulnerability Detail
The updateGlobalPositionData updates the global position data for all users . However we know that the averagePrice is the price for opening new position for user. But when we updating the new averagePrice for all users it is very less than it should be because everytime when the sizeOpenedTotal is increasing then the newAverageEntryPrice is decreasing or when the _additionalSizeDelta is changing. So the problem is here that after some point when there will be much sizeOpenedTotal then this newAverageEntryPrice will be zero or very less then initialial averagePrice . Let's analyze how ?
1) Lets say initially averagePrice = 1000.
2) The sizeOpenedTotal = 10 , and the price of underlying asset is 100.
3) Now if we want to update newAverageEntryPrice for 2 more opened position (_additionalSizeDelta) with (5 + 5 eth) = 10 , then it will be halft of previous averagePrice which was 1000 let see how.
5) So now we can say that averagePrice will be decreasing for all users everytime when the _additionalSizeDelta changes or if the sizeOpenedTotal is increasing.
Impact
averagePrice can be zero or very less for users if there will be much sizeOpenedTotal .
Please make sure that the averagePrice should be little bit higher for all users everytime when the sizeOpenedTotal is increasing rather than decreasing.
Dudex_2004
high
The
newAverageEntryPriceforaveragePriceis calculating incorrectly.Summary
See details.
Vulnerability Detail
The
updateGlobalPositionDataupdates the global position data for all users . However we know that theaveragePriceis the price for opening new position for user. But when we updating the newaveragePricefor all users it is very less than it should be because everytime when thesizeOpenedTotalis increasing then thenewAverageEntryPriceis decreasing or when the_additionalSizeDeltais changing. So the problem is here that after some point when there will be muchsizeOpenedTotalthen thisnewAverageEntryPricewill be zero or very less then initialialaveragePrice. Let's analyze how ?1) Lets say initially
averagePrice= 1000. 2) ThesizeOpenedTotal= 10 , and the price of underlying asset is 100. 3) Now if we want to updatenewAverageEntryPricefor 2 more opened position (_additionalSizeDelta) with (5 + 5 eth) = 10 , then it will be halft of previousaveragePricewhich was 1000 let see how.4)
newAverageEntryPricewill be = ((1000* 10) + (100 + 10))/(10 + 10) = 505.5 ,which is half of previousaverageEntryPrice.5) So now we can say that
averagePricewill be decreasing for all users everytime when the_additionalSizeDeltachanges or if thesizeOpenedTotalis increasing.Impact
averagePricecan be zero or very less for users if there will be muchsizeOpenedTotal.Code Snippet
https://github.com/sherlock-audit/2024-03-flat-money-fix-review-contest/blob/main/flatcoin-v1/src/FlatcoinVault.sol#L199C12-L201C1
Tool used
Manual Review
Recommendation
Please make sure that the
averagePriceshould be little bit higher for all users everytime when thesizeOpenedTotalis increasing rather than decreasing.