Closed sherlock-admin2 closed 3 months ago
ZeroTrust
Medium
poolLiquidityLimit=0 has completely different meanings in UsdPool.sol and LpPoolQueryProcess.sol
In UsdPool.sol, poolLiquidityLimit=0 means that the available liquidity is 100%
function isSubAmountAllowed(Props storage self, address stableToken, uint256 amount) public view returns (bool) { TokenBalance storage balance = self.stableTokenBalances[stableToken]; if (balance.amount < amount) { return false; } uint256 poolLiquidityLimit = getPoolLiquidityLimit(); if (poolLiquidityLimit == 0) { @>> return balance.amount - balance.holdAmount >= amount; } else { return CalUtils.mulRate(balance.amount - amount, poolLiquidityLimit) >= balance.holdAmount; } }
However in LpPoolQueryProcess.sol, poolLiquidityLimit=0 means that the available liquidity is 0
function getUsdPoolAvailableLiquidity(UsdPool.Props storage pool, address token) public view returns (uint256) { UsdPool.TokenBalance memory tokenBalance = pool.getStableTokenBalance(token); uint256 totalAmount = tokenBalance.amount + tokenBalance.unsettledAmount; @> uint256 availableTokenAmount = CalUtils.mulRate(totalAmount, UsdPool.getPoolLiquidityLimit()); return availableTokenAmount > tokenBalance.holdAmount ? availableTokenAmount - tokenBalance.holdAmount : 0; }
Thus, if poolLiquidityLimit=0, it will cause the entire system to calculate incorrectly. The same issue is in UsdPool.sol and LpPoolQueryProcess.sol.
If poolLiquidityLimit=0, it will cause the entire system to calculate incorrectly.
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/storage/UsdPool.sol#L247
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/process/LpPoolQueryProcess.sol#L193
Manual Review
Modify the code to make the logic consistent.
poolLiquidityLimit is a configuration option, and we will not set it to 0.
ZeroTrust
Medium
poolLiquidityLimit=0 has completely different meanings in UsdPool.sol and LpPoolQueryProcess.sol
Summary
poolLiquidityLimit=0 has completely different meanings in UsdPool.sol and LpPoolQueryProcess.sol
Vulnerability Detail
In UsdPool.sol, poolLiquidityLimit=0 means that the available liquidity is 100%
However in LpPoolQueryProcess.sol, poolLiquidityLimit=0 means that the available liquidity is 0
Thus, if poolLiquidityLimit=0, it will cause the entire system to calculate incorrectly. The same issue is in UsdPool.sol and LpPoolQueryProcess.sol.
Impact
If poolLiquidityLimit=0, it will cause the entire system to calculate incorrectly.
Code Snippet
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/storage/UsdPool.sol#L247
https://github.com/sherlock-audit/2024-05-elfi-protocol/blob/main/elfi-perp-contracts/contracts/process/LpPoolQueryProcess.sol#L193
Tool used
Manual Review
Recommendation
Modify the code to make the logic consistent.