Closed sherlock-admin2 closed 4 months ago
2 comment(s) were left on this issue during the judging contest.
WildSniper commented:
borderline medium low
WildSniper commented:
Seems like optimizing the protocol rather than a valid bug, taking into consideration how the main position is two-sided, not one-sided.
How to identify a medium issue:
- Causes a loss of funds but requires certain external conditions or specific states, or a loss is highly constrained. The losses must exceed small, finite amount of funds, and any amount relevant based on the precision or significance of the loss.
- Breaks core contract functionality, rendering the contract useless or leading to loss of funds.
I don't think so; it reaches the medium severity requirements.
merlin
medium
The `isCalm()` function incorrectly checks whether the current price is within a certain deviation
Summary
The `StrategyPassiveManagerVelodrome.twap()` function does not round to negative infinity for negative ticks, which affects the calculation of `minCalmTick` and `maxCalmTick` in `isCalm()`.
Vulnerability Detail
The problem is that if `(tickCuml[1] - tickCuml[0])` is negative, then the tick should be rounded down, as is done in the Uniswap library. In this case the returned tick will be bigger than it should be. The `twapTick` will be larger, which will affect the calculation of `minCalmTick` and `maxCalmTick` in `isCalm()`, leading to transactions failing:
Impact
All function calls that have the `onlyCalmPeriods` modifier will fail due to the incorrect check for whether the current price is within a certain deviation.
Code Snippet
contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L747
Tool used
Manual Review
Recommendation
Consider modifying the `twap` function as follows:
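The rounding difference the report describes, as an added Python illustration (not the report's recommended change and not the project's code): it models Solidity's truncating signed division against the round-toward-negative-infinity adjustment, and shows a boundary tick where the two results flip a calm check. The function names, the `twap ± deviation` window shape and all sample values are constructed assumptions.

```python
# Added illustration; names, window shape and sample values are assumptions.

def sol_div(a: int, b: int) -> int:
    """Signed division as Solidity does it: truncate toward zero."""
    q = abs(a) // abs(b)
    return q if (a >= 0) == (b >= 0) else -q

def twap_truncating(tick_cuml, period: int) -> int:
    """Mean tick using plain truncating division (the behaviour reported)."""
    return sol_div(tick_cuml[1] - tick_cuml[0], period)

def twap_floor(tick_cuml, period: int) -> int:
    """Mean tick rounded toward negative infinity for negative deltas."""
    delta = tick_cuml[1] - tick_cuml[0]
    tick = sol_div(delta, period)
    # A negative delta with a non-zero remainder was truncated upward: step down.
    if delta < 0 and delta % period != 0:
        tick -= 1
    return tick

def is_calm(current_tick: int, twap_tick: int, max_deviation: int) -> bool:
    """Assumed calm check: current tick inside [twap - dev, twap + dev]."""
    return twap_tick - max_deviation <= current_tick <= twap_tick + max_deviation

# Constructed sample: cumulative ticks 60 s apart, true mean tick is -10000.5.
TICK_CUML = (-5_000_000, -5_600_030)
PERIOD = 60
MAX_DEVIATION = 50
CURRENT_TICK = -10_051  # sits exactly on the lower edge of the correct window

def compare():
    """Return (twap, calm?) for each rounding mode on the constructed sample."""
    out = {}
    for name, fn in (("truncating", twap_truncating), ("floor", twap_floor)):
        t = fn(TICK_CUML, PERIOD)
        out[name] = (t, is_calm(CURRENT_TICK, t, MAX_DEVIATION))
    return out

if __name__ == "__main__":
    for mode, (tick, calm) in compare().items():
        print(f"{mode:>10}: twap={tick} calm={calm}")
```

For positive deltas, and for negative deltas that divide evenly, both functions return the same tick, so a regression test for this rounding needs a negative delta with a non-zero remainder.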