search

sherlock-audit / 2024-05-elfi-protocol-judging

0 stars 0 forks source link

ZeroTrust - When the poolValue is 0, the corresponding market will experience a DoS #234

Closed sherlock-admin4 closed 1 week ago

sherlock-admin4 commented 2 weeks ago

ZeroTrust

High

When the poolValue is 0, the corresponding market will experience a DoS

Summary

When the poolValue is 0, the corresponding market will experience a DoS

Vulnerability Detail

In RedeemProcess.sol, _executeRedeemStakeToken will revert, When the poolValue is 0

    function _executeRedeemStakeToken(
        LpPool.Props storage pool,
        Redeem.Request memory params,
        address baseToken
    ) internal returns (uint256) {
        ExecuteRedeemCache memory cache;
        cache.poolValue = pool.getPoolValue();
        cache.totalSupply = TokenUtils.totalSupply(pool.stakeToken);
        cache.tokenDecimals = TokenUtils.decimals(baseToken);
@>>        if (cache.poolValue == 0 || cache.totalSupply == 0) {
            revert Errors.RedeemWithAmountNotEnough(params.account, baseToken);
        }
        //skip ......
    }

In MintProcess.sol, _executeMintStakeUsd will revert, When the poolValue is 0

    function computeStakeAmountFromMintToken(
        LpPool.Props storage pool,
        uint256 mintAmount
    ) public view returns (uint256) {
        uint256 totalSupply = TokenUtils.totalSupply(pool.stakeToken);
        uint8 tokenDecimals = TokenUtils.decimals(pool.baseToken);
        uint256 poolValue = pool.getPoolValue();
        uint256 mintStakeTokenAmount;
        if (totalSupply == 0 && poolValue == 0) {
            mintStakeTokenAmount = mintAmount;
        } else if (totalSupply == 0 && poolValue > 0) {
            mintStakeTokenAmount =
                mintAmount +
                CalUtils.usdToToken(
                    poolValue,
                    tokenDecimals,
                    OracleProcess.getLatestUsdUintPrice(pool.baseToken, true)
                );
@>>        } else if (poolValue == 0) {
            revert Errors.PoolValueIsZero();
        } 
     //skip ..
    }

and getPoolAvailableLiquidity() will be 0. It’s very likely for poolValue to be 0 because it bears the counterparty risk for both long and short positions of users. Then the corresponding market will experience a DoS。

Impact

the corresponding market will experience a DoS

Code Snippet

https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/process/RedeemProcess.sol#L133

https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/process/MintProcess.sol#L276

Tool used

Manual Review

Recommendation

Take measures to ensure that positions are closed when there is a significant buffer in poolValue.

nevillehuang commented 2 days ago

Invalid, if pool value is zero than there is nothing to redeem, I don't see the issue here